Veeam bridges data
‘reality gap’

Most organisations believe they’re ready for a data crisis – but new research from Veeam and McKinsey says otherwise. A sharp disconnect exists between perceived and actual resilience when outages or cyberattacks strike.

According to the study: while 30% of CIOs rate their organisations as above average in data resilience, fewer than 10% meet that mark in reality.

The consequences are costly: IT downtime is estimated to drain the Global 2000 of more than $400-billion a year, with an average $200-million loss per company from operational disruption, reputational damage, and lost revenue.

To address this growing risk, Veeam has developed a Data Resilience Maturity Model (DRMM) – a new framework that helps organisations assess their true posture and take decisive action to close the gap between perception and reality.

This “reality gap” is not new, as highlighted by Gadget editor-in-chief Arthur Goldstuck in an article titled Business not clued up on vital backup, published in the Sunday Times as long ago as 28 March 2021. The piece reported similarly troubling findings from a global Veeam study, which revealed that 58% of backups fail and 95% of organisations experience unexpected outages.

Then, as now, the disconnect between perceived and actual resilience was identified as a critical vulnerability – one that continues to put businesses at risk despite growing investment in data protection. The DRMM is Veeam’s latest step toward closing that long-standing gap. Now, Veeam is doing something about it.

“Data resilience is critical to survival – and most companies are operating in the dark,” says Anand Eswaran, CEO of Veeam. “The new Veeam DRMM is more than just a model; it’s a wake-up call that equips leaders with the tools and insights necessary to transform wishful thinking into actionable, radical resilience, enabling them to start protecting their data with the same urgency as they protect their revenue, employees, customers, and brand.”

Veeam says the DRMM framework enables leaders to assess and improve their data resilience by providing valuable insights for aligning people, processes, and technical capabilities with their overall data strategy. This alignment helps minimise risk exposure while enabling organisations to concentrate on mission-critical objectives and sustain a competitive advantage.

Notably, the DRMM is the only framework in the industry from a consortium of industry experts that delivers a holistic perspective on cyber resilience, disaster recovery (DR), and operational continuity across three key domains: data strategy, people and processes, and technology.

Key findings from the Veeam DRMM research include:

• 74% of organisations fall short of best practices, operating at the two lowest levels of maturity.
• Organisations at the highest maturity level (the Best-in-Class horizon) recover from outages seven times faster, experience three times less downtime, and suffer four times less data loss than their peers.
• Alarmingly, over 30% of CIOs in the least resilient companies mistakenly believe their data resilience capabilities are better than they actually are, exposing their businesses to potential failure.

“Data resilience isn’t just about protecting data, it’s about protecting the entire business,” says Eswaran. “This is the difference between shutting down operations during an outage or keeping the business running. It’s the difference between paying a ransom or not.  It provides the foundation for AI innovation, compliance, trust, and long-term performance – including competitive advantage.”

Built on extensive research in collaboration with McKinsey and insights from over 500 IT, security, and operations leaders, the Veeam DRMM has been validated through real-world customer outcomes, including a healthcare system that saved $5-million per outage and a global bank that achieved zero cyber incidents after implementing the model with Veeam’s platform.

Investing in data resilience yields substantial returns according to the DRMM research. It finds that for every $1 spent on data resilience measures, companies reap $3 to $5, and sometimes as much as $10, in return – driven by improved uptime, reduced incident costs, and enhanced agility. As a result, data resilience has surged to the second strategic priority for IT leaders, behind cost optimisation in the first position.

A resilience blueprint for the boardroom

The Veeam DRMM categorises organisations across four data resilience maturity horizons:

• Basic: Reactive and manual, highly exposed.
• Intermediate: Reliable but fragmented, lacking automation.
• Advanced: Strategic and proactive, yet missing full integration.
• Best-in-class: Autonomous, AI-optimised, fully resilient.

George Westerman, principal research scientist at the MIT Sloan School of Management, says: “As organisations increasingly recognise the growing risks associated with data outages and cyber threats, the report underscores the importance of a collective commitment from executives beyond the IT department, to data resilience.

“Data outages can severely impact customer-facing capabilities and erode shareholder trust of an organisation. But even more, they can be a signal of immature IT management processes that have led to overly complex, hard to manage, IT infrastructure.  The DRMM highlights ways that businesses can equip themselves to handle today’s challenges while being ready for tomorrow’s opportunities.”

Organisations can begin improving their data resilience by engaging in Veeam’s executive workshops, which are designed to help assess current maturity levels, reduce risk exposure, and identify opportunities for improvement. These initiatives aim to support more effective outage prevention and faster, more secure recovery when disruptions occur.