SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Data Protection
#
DR
#
Cybersecurity

Most firms overestimate data resilience, risking USD $400 billion

Today
Author image
By Melania Watson, Interview Editor

Veeam has launched the Data Resilience Maturity Model (DRMM) to provide a framework for organisations to assess and improve their data resilience capabilities.

The DRMM is based on joint research from Veeam and management consultancy McKinsey, examining global approaches to data resilience among large enterprises.

The research identified a significant gap between business leaders' perception of their organisation's data resilience and the actual maturity of their systems and processes.

The report shows that while 30% of global Chief Information Officers (CIOs) believe their organisations are above average in data resilience, fewer than 10% actually reach that standard. According to the findings, over 74% of global organisations operate at the two lowest levels of data resilience maturity and do not follow best practices.

IT downtime remains a critical business problem, with the Global 2000 collectively incurring over USD $400 billion in losses annually through outages, reputational harm, and operational disruption. For individual companies, this translates to losses of up to USD $200 million per year.

Anand Eswaran, Chief Executive Officer of Veeam, stated: "Data resilience is critical to survival—and most companies are operating in the dark. The new Veeam DRMM is more than just a model; it's a wake-up call that equips leaders with the tools and insights necessary to transform wishful thinking into actionable, radical resilience, enabling them to start protecting their data with the same urgency as they protect their revenue, employees, customers, and brand."

The DRMM provides a method for organisations to objectively assess their resilience, offering insights for aligning people, processes, and technical capabilities with their overall data strategy. This alignment aims to reduce risk exposure and enable organisations to focus on business-critical objectives, while maintaining their competitive edge.

The framework is described as the only industry model developed by a consortium of experts that covers cyber resilience, disaster recovery, and operational continuity across three domains: data strategy, people and processes, and technology.

Among the key findings, organisations at the highest level of data resilience maturity—the Best-in-Class horizon—recover from outages seven times faster, experience three times less downtime, and suffer four times less data loss than those in lower tiers. The research highlights that over 30% of CIOs in the least resilient companies mistakenly assess their resilience as above average, exposing their businesses to significant risk.

Eswaran also commented: "Data resilience isn't just about protecting data, it's about protecting the entire business. This is the difference between shutting down operations during an outage or keeping the business running. It's the difference between paying a ransom or not. It provides the foundation for AI innovation, compliance, trust, and long-term performance – including competitive advantage."

The model categorises organisations across four maturity horizons in terms of resilience: Basic (reactive and manual, with high exposure), Intermediate (reliable but fragmented, lacking automation), Advanced (strategic and proactive without full integration), and Best-in-Class (autonomous, AI-optimised, and fully resilient).

George Westerman, Principal Research Scientist at the MIT Sloan School of Management, affirmed the wider business relevance of data resilience. He said: "As organisations increasingly recognise the growing risks associated with data outages and cyber threats, the report underscores the importance of a collective commitment from executives beyond the IT department, to data resilience. Data outages can severely impact customer-facing capabilities and erode shareholder trust of an organisation. But even more, they can be a signal of immature IT management processes that have led to overly complex, hard to manage, IT infrastructure. The Digital Resilience Maturity Model highlights ways that businesses can equip themselves to handle today's challenges while being ready for tomorrow's opportunities."

The research underpinning DRMM was derived from a survey of 500 senior IT, information security, and operations leaders from large enterprises, along with insights from over 50 interviews with C-level executives and IT leaders. Real-world case studies cited in the findings include a healthcare system that saved USD $5 million per outage and a global bank that has not experienced a single cyber incident after embedding the model into practice using Veeam's platform.

According to the DRMM research, data resilience investments deliver significant returns, with each USD $1 spent yielding between USD $3 and USD $10 in value through improved system uptime, reduced incident costs, and enhanced agility. Consequently, data resilience has become the second most important strategic priority for IT leaders, behind only cost optimisation.

Organisations have the option to participate in executive workshops offered by Veeam to help progress up the maturity curve, reduce risk exposure, and enable new operational innovations.

The Veeam report emphasises the imperative for businesses to prioritise data resilience as a central component of their overall strategy, acknowledging the wide-ranging operational, financial, and reputational risks posed by data loss and downtime.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Proofpoint unveils unified platforms to combat data & cyber risks
Veeam highlights ESG progress in first global sustainability report
CrowdStrike launches Falcon Privileged Access to block threats
APJ region sees 73% surge in web & API attacks in 2024
CrowdStrike named leader in GigaOm XDR report for 2025
Top stories
OPSWAT partners with Sektor Cyber to boost ANZ presence
Quishing attacks rise as QR codes pose new cybersecurity risks
Proofpoint launches unified cybersecurity solution to cut costs
Proofpoint unveils unified AI data security platform for enterprises
Lineaje launches AI-powered self-healing for software security