Veeam Research Finds IT Leaders Feel Increasingly Unprotected from Cyberattacks and Other Disasters
January 2023 by Veeam Software
Veeam® Software released findings of the company’s fourth annual Data Protection Trends Report to better understand how data protection is evolving in a digital world. The survey found that companies are challenged with more complex hybrid IT environments and are raising budgets to fend off cyberattacks as well as keep up as production environments continue to diversify across various clouds. The result is that IT leaders feel they aren’t sufficiently protected. A top priority of organizations this year is improving reliability and success of backups, followed by ensuring that Infrastructure as a Service (IaaS) and Software as a Service (SaaS) protection is equitable to the protection they rely on for datacenter-centric workloads.
Highlights of the Veeam Data Protection Trends Report 2023:
• Modern Data Protection is needed to keep businesses running: Four out of five organizations believe that they have a gap, or a sense of dissatisfaction or anxiety, between what their business units expect and what IT services can deliver. 82% have an ‘Availability Gap’ between how quickly they need systems to be recoverable and how quickly IT can bring them back. 79% cite a ‘Protection Gap’ between how much data they can lose and how frequently IT protects their data. These gaps are one reason that 57% of organizations expect to change their primary data protection in 2023, as well as the justification for increased data protection budgets.
• Data protection budgets are increasing: Globally, organizations expect to increase their data protection budget in 2023 by 6.5%, which is notably higher than overall spending plans in other areas of IT. Of the 85% of organizations planning on increasing their data protection budgets, their average planned increase is 8.3% and often in concert with increased investments in cybersecurity tools.
• Despite the awareness and increase in preparedness, ransomware is winning: Cyberattacks caused the most impactful outages for organizations in 2020, 2021 and 2022, according to the report. 85% of organizations were attacked at least once in the past 12 months; up from 76% in last year’s report. Specifically, recovery is a main concern as organizations reported that only 55% of their encrypted/destroyed data was recoverable from attacks. According to the survey, the single most important aspect that organizations are looking for in a Modern Data Protection solution is the “integration of data protection within a cyber preparedness strategy.”
• Ransomware is the biggest hindrance to Digital Transformation: Due to its burden on budgets and manpower, ransomware and the current volatile cyber security landscape are taking priority for IT teams. This is causing IT resources and budgets originally allocated towards Digital Transformation initiatives to pivot to cyber prevention. Not only do cyberattacks drain operational budgets from ransoms to recovery efforts, but they also reduce organizations’ ability to modernize for their future success; instead, they must pay for prevention and mitigation of the status quo.
• Container-centric workloads are growing in popularity: Containers, and more specifically Kubernetes, show all the characteristics of a mainstream production platform, with the same kinds of data protection strategy disparities as seen in early adopters of SaaS five years ago or virtualization 15 years ago. 52% of respondents are currently running containers, while 40% of organizations are planning to deploy containers – and yet, most organizations are merely protecting the underlying storage, instead of holistically protecting the workloads themselves. This is typical as new production platforms enter mainstream, followed by recognition that legacy methods are insufficient, thereby creating an opportunity for third-party backup tools to ensure comprehensive protection.
“IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing,” said Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam. “This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption. Legacy backup approaches won’t address modern workloads - from IaaS and SaaS to containers - and result in an unreliable and slow recovery for the business when it’s needed most. This is what’s focusing the minds of IT leaders as they consider their cyber resiliency plan. They need Modern Data Protection.”
Notable insights from the report include:
• Reliability and consistency (of protecting IaaS and SaaS alongside datacenter servers) are the key drivers for improving data protection in 2023. For organizations that are struggling to protect cloud-hosted data with legacy backup solutions, it is likely they will supplement their data center backup solution with IaaS/PaaS and/or SaaS capabilities.
• Ransomware is both the most common and most impactful cause of outages, alongside natural disasters (fire, flood, etc.) and user errors (overwrites, deletion, etc.). Organizations should implement backup and recovery solutions that support a holistic approach to data protection, and that can integrate with other cyber detection and remediation technologies to ensure comprehensive cyber resilience.
• Cloud-based services seem nearly inevitable for organizations of all sizes. But similar to how there isn’t just one type of production cloud, there isn’t just one protection cloud scenario. Organizations should consider cloud tiers for retention, Backup as a Service (BaaS) and ultimately, Disaster Recovery as a Service (DRaaS).