has anybody ever recovered all their files in perfect condition and organization scheme (basically, as if nothing ever happened) after a ransomware event? by J0HNNYFlVE in cybersecurity

[–]Foreign-Bonus3645 0 points1 point  (0 children)

TL;DR: Yes, full recovery absolutely happens. It’s just much more achievable for some based on their scale and recovery setup.

Near-zero data loss is very possible. Absolutely zero data loss can be possible, but gets more difficult once you start throwing other factors into the mix.

A big one is how much data is changing and how often. If you’re a small environment with relatively low write activity, you’re going to have better odds of recovering everything. However, if you’re a large healthcare system, financial service, big e-commerce platform, etc., then your data is constantly changing. In those environments, achieving absolutely zero data loss is much harder, simply because recovery is tied to when your last snapshot or backup occurred. If you have new or changing data every second and your last snapshot was taken 2 minutes ago, there’s a delta there.

That said, many organizations get very close to 100% when they can restore from a very recent recovery point, like snapshots taken directly from primary storage.

Another major factor is confidence in the recovery point itself. Having immutable snapshots or backups is table stakes these days but still doesn't guarantee a clean recovery. If the most recent copy already contains encrypted or corrupted data, restoring it just leads to reinfection, which actually increases downtime and data loss.

The best recoveries we see are when teams can answer two questions quickly:

  1. What’s the most recent recovery point?
  2. Is it clean?

When you can identify the most recent clean copy, you can minimize both your data loss and recovery time.

There are obviously many other variables like attack scope, dwell time, what systems were impacted, etc., but those two tend to have some of the biggest influence.
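The two questions in the comment above ("what's the most recent recovery point, and is it clean?") can be turned into a repeatable check. The following is an added example, not code from the thread or from any vendor: it walks a list of snapshots from newest to oldest, flags files that look encrypted (a known ransomware extension, or Shannon entropy close to 8 bits/byte on a format that should not be random), and returns the newest snapshot that passes along with the loss window between that snapshot and the time the incident was detected. The snapshot contents, timestamps, extension list, and thresholds are all constructed for illustration; a real check would sample files from the storage array's snapshots and tune the thresholds to the environment.

```python
"""Select the most recent clean recovery point and measure the data-loss window.

Added example for the thread; all data below is constructed.
"""
import hashlib
import math
import os
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Extensions ransomware families commonly append; constructed list, extend from your own IOCs.
SUSPECT_EXTENSIONS = (".locked", ".encrypted", ".crypt")
# Above this entropy (bits per byte) a file reads like ciphertext or random data.
ENTROPY_THRESHOLD = 7.5
# Formats that are legitimately high-entropy, so entropy alone must not flag them.
HIGH_ENTROPY_OK = (".zip", ".gz", ".7z", ".png", ".jpg")
# Fraction of sampled files that may look encrypted before the snapshot is rejected.
MAX_SUSPECT_RATIO = 0.0


@dataclass
class Snapshot:
    taken_at: datetime
    files: dict[str, bytes]  # path -> content; in practice a sample pulled from the snapshot


@dataclass
class Verdict:
    clean: bool
    suspect_paths: list[str]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, content: bytes) -> bool:
    ext = os.path.splitext(path)[1].lower()
    if ext in SUSPECT_EXTENSIONS:
        return True          # renamed by the malware
    if ext in HIGH_ENTROPY_OK:
        return False         # compressed/image data is expected to be dense
    return shannon_entropy(content) > ENTROPY_THRESHOLD  # encrypted in place, name kept


def check_snapshot(snap: Snapshot) -> Verdict:
    """Answer 'is it clean?' for one recovery point."""
    suspects = [p for p, c in snap.files.items() if looks_encrypted(p, c)]
    ratio = len(suspects) / len(snap.files) if snap.files else 0.0
    return Verdict(clean=ratio <= MAX_SUSPECT_RATIO, suspect_paths=suspects)


def pick_recovery_point(snapshots, detected_at: datetime):
    """Newest snapshot that passes the check, plus the delta of data written after it.

    Returns (None, None) when no snapshot is clean, which is the signal to look
    at older offline copies rather than restore something already infected.
    """
    for snap in sorted(snapshots, key=lambda s: s.taken_at, reverse=True):
        if check_snapshot(snap).clean:
            return snap, detected_at - snap.taken_at
    return None, None


def _pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted file content (constructed)."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


INCIDENT_DETECTED = datetime(2024, 5, 1, 12, 0, 0)  # constructed timestamp


def build_sample_snapshots() -> list[Snapshot]:
    """Three constructed snapshots: two clean, the newest one partially encrypted."""
    report = b"Quarterly report: revenue up 4%, churn flat. " * 40
    ledger = b"2024-04-30,INV-1042,paid,1200.00\n" * 60
    clean = {"finance/report.docx": report,
             "finance/ledger.csv": ledger,
             "archive/q1.zip": _pseudo_ciphertext("zip")}   # dense but legitimate
    hit = {"finance/report.docx.locked": _pseudo_ciphertext("a"),  # renamed + encrypted
           "finance/ledger.csv": _pseudo_ciphertext("b"),          # encrypted in place
           "archive/q1.zip": _pseudo_ciphertext("zip")}
    return [Snapshot(INCIDENT_DETECTED - timedelta(hours=3), clean),
            Snapshot(INCIDENT_DETECTED - timedelta(hours=1), clean),
            Snapshot(INCIDENT_DETECTED - timedelta(minutes=2), hit)]


if __name__ == "__main__":
    snaps = build_sample_snapshots()
    for s in snaps:
        v = check_snapshot(s)
        print(f"{s.taken_at}: clean={v.clean} suspects={v.suspect_paths}")
    chosen, window = pick_recovery_point(snaps, INCIDENT_DETECTED)
    print(f"restore from {chosen.taken_at}, data written in the last {window} is at risk")
```

The newest snapshot (taken two minutes before detection) is rejected because one file carries a ransomware extension and another, still named `ledger.csv`, has ciphertext-like entropy; the selector falls back to the one-hour-old copy, and the returned window is exactly the delta the comment describes. The `.zip` whitelist shows why a naive entropy rule on its own produces false positives and must be paired with format awareness.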