Tim Pfaelzer at Veeam asks whether organisations are pulling the wool over their own eyes when it comes to data resilience
For too long, business leaders have viewed their organisation’s data resilience from afar, relying on theoretical plans and a checklist mindset. This 2D perspective - where technical measures are simply ticked off a to-do list - fails to capture the full, real-world cross-organisational complexity of cyber threats. Ransomware, in particular, cannot be fully simulated on paper.
This mentality has led to a dangerous false sense of security. Recent research shows that more than 30% of organisations believe they are more resilient than they actually are. While they may have the right pieces in place, unless these elements work together in a rigorously tested, real-world incident response plan, they risk being exposed when a true crisis hits.
With the same research revealing that 69% of organisations have faced a ransomware threat in the past year, the time for blind confidence is over. Leaders must remove the wool from their eyes and take meaningful, proactive action.
False confidence, real consequences
Data resilience can be deceptively complex, and gaps often remain hidden until it’s too late. Many organisations fall into the trap of believing they are prepared, only to find out otherwise under attack. Of the organisations that fell victim to ransomware last year, 69% thought they were prepared beforehand. After experiencing an attack, confidence in their preparedness dropped by more than 20%.
Although the majority of organisations had a ransomware playbook, fewer than half included essential technical components such as backup copies and containment or isolation plans. On the surface, everything may have appeared in order - but a closer inspection revealed significant vulnerabilities.
The consequences of misplaced confidence are severe. Fewer than 10% of organisations managed to recover more than 90% of their servers within expectations, leading to major business and operational impacts. The recent M&S ransomware incident is a high-profile example, causing not only service outages for customers but also an estimated £300 million hit to trading profits.
Some organisations may have hoped that the disruption of major ransomware groups like BlackCat and LockBit by law enforcement would make the threat landscape easier to navigate. In reality, the threat has not diminished - it has evolved. Smaller groups and “lone wolves” have quickly filled the gap, bringing new methods and tactics that further challenge organisational resilience.
From 2D to 3D: the path to true resilience
Regardless of how confident an organisation may be in its data resilience, a deeper, more critical examination of its ransomware playbooks is essential. It is no longer safe to assume that what works on paper will hold up under real-life duress. Leaders must move from a flat, 2D perspective to a dynamic, 3D approach.
Start with the big picture: Do you know what data you need to protect and where it resides? Are the key resilience measures, such as a predefined chain of command and regular backup verifications, in place? Drill down further: Are your security teams up to date on the latest attack trends? With 89% of organisations reporting their backup repositories targeted by threat actors, ensuring redundancy for your backups is now critical.
Plugging the gaps is only the beginning. Organisations must stress-test their incident response plans with real-world simulations. It’s not enough to rely on plan A - test plans B, C, D, and beyond, including scenarios where critical staff are unavailable or multiple crises occur simultaneously. This process often exposes blind spots that would go unnoticed in a theoretical plan.
Turning confidence into capability
By taking control of data resilience - grounded in rigorous testing, continuous improvement, and collective intelligence - organisations can replace blind confidence with real capability. In the current threat landscape, it’s not a question of “if” your organisation will be attacked, but “when”. The best time to prepare is now - because in data resilience, only true readiness will make the difference.
Tim Pfaelzer is Senior Vice President & General EMEA Manager at Veeam
© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543