Tim Pfaelzer, Senior Vice President & General EMEA Manager at Veeam, has penned an op-ed in which he states his belief that many organisations are guilty of fooling themselves when it comes to the strength of their own data resilience.

For too long, business leaders have viewed their organization’s data resilience from afar, relying on theoretical plans and a checklist mindset.
This 2D perspective – where technical measures are simply ticked off a to-do list – fails to capture the full, real-world cross-organizational complexity of cyber threats. Ransomware, in particular, cannot be fully simulated on paper.
This mentality has led to a dangerous false sense of security. Veeam research shows that more than 30% of organizations believe they are more resilient than they actually are. While they may have the right pieces in place, unless these elements work together in a rigorously tested, real-world incident response plan, they risk being exposed when a true crisis hits.
With 69% of organizations having faced a ransomware threat in the past year, the time for blind confidence is over. Leaders must remove the wool from their eyes and take meaningful, proactive action.
False Confidence, Real Consequences
Data resilience can be deceptively complex, and gaps often remain hidden until it’s too late. Many organizations fall into the trap of believing they are prepared, only to find out otherwise under attack.
Of the organizations that fell victim to ransomware last year, 69% thought they were prepared beforehand. After experiencing an attack, confidence in their preparedness dropped by more than 20%.
Although the majority of organizations had a ransomware playbook, fewer than half included essential technical components such as backup copies and containment or isolation plans. On the surface, everything may have appeared in order – but a closer inspection revealed significant vulnerabilities.
The consequences of misplaced confidence are severe. Only 10.5% of organizations were able to successfully recover following a ransomware attack last year, leading to major business and operational impacts. The recent M&S ransomware incident is a high-profile example, causing not only service outages for customers but also an estimated £300 million hit to trading profits.
The Evolving Threat Landscape
Some organizations may have hoped that the disruption of major ransomware groups like BlackCat and LockBit by law enforcement would make the threat landscape easier to navigate. In reality, the threat has not diminished – it has evolved. Smaller groups and “lone wolves” have quickly filled the gap, bringing new methods and tactics that further challenge organizational resilience.
From 2D to 3D: The Path to True Resilience
Regardless of how confident an organization may be in its data resilience, a deeper, more critical examination of its ransomware playbooks is essential. It is no longer safe to assume that what works on paper will hold up under real-life duress. Leaders must move from a flat, 2D perspective to a dynamic, 3D approach.
Start with the big picture: Do you know what data you need to protect and where it resides? Are the key resilience measures, such as a predefined chain of command and regular backup verifications, in place? Drill down further: Are your security teams up to date on the latest attack trends? With 89% of organizations reporting their backup repositories targeted by threat actors, ensuring redundancy for your backups is now critical.
Plugging the gaps is only the beginning. Organizations must stress-test their incident response plans with real-world simulations. It’s not enough to rely on plan A – test plans B, C, D, and beyond, including scenarios where critical staff are unavailable or multiple crises occur simultaneously. This process often exposes blind spots that would go unnoticed in a theoretical plan.
Turning Confidence Into Capability
Leveraging frameworks like the Veeam Data Resilience Maturity Model (DRMM), developed in partnership with McKinsey, can help organizations move beyond blind confidence. Our findings show that organizations with a high degree of data maturity recover from ransomware incidents seven times faster than their less mature counterparts, and experience three times less downtime.
By taking control of data resilience – grounded in rigorous testing, continuous improvement, and collective intelligence – organizations can replace blind confidence with real capability. In the current threat landscape, it’s not a question of “if” your organization will be attacked, but “when”. The best time to prepare is now – because in data resilience, only true readiness will make the difference.