Veeam unveils data resilience model as outages cost more than $400 billion

Veeam Software has launched a new Data Resilience Maturity Model aimed at providing organisations with a strategic means to assess and enhance their data resilience.

The release of the Data Resilience Maturity Model (DRMM) comes alongside findings from research conducted by Veeam in partnership with McKinsey, which indicate a significant gap between perceived and actual data resilience among organisations. According to the joint study, while 30% of Chief Information Officers (CIOs) believe their organisations are above average in data resilience, fewer than 10% actually meet that standard.

The research also highlights the substantial costs associated with IT downtime. For companies in the Global 2000, IT outages cost more than $400 billion annually, with individual companies incurring losses of approximately $200 million per outage, factoring in both reputational and operational impacts.

Anand Eswaran, Chief Executive Officer of Veeam, commented on the findings: "Data resilience is critical to survival - and most companies are operating in the dark. The new Veeam DRMM is more than just a model; it's a wake-up call that equips leaders with the tools and insights necessary to transform wishful thinking into actionable, radical resilience, enabling them to start protecting their data with the same urgency as they protect their revenue, employees, customers, and brand."

The DRMM is structured to help leaders evaluate and improve their organisation's data resilience, facilitating alignment between technical, human, and procedural aspects of data management. This collaborative approach aims to minimise risk and enable organisations to maintain focus on strategic priorities. The model, developed by a consortium of industry experts, is said to be the only framework offering a comprehensive view encompassing cyber resilience, disaster recovery, and operational continuity across three principal areas: data strategy, people and processes, and technology.

The research underpinning the DRMM presents several key insights. Seventy-four percent of organisations assessed were found to be operating at the two lowest levels of maturity, below best practices. Organisations at the highest maturity level - referred to as the 'Best-in-Class horizon' - were observed to recover from outages seven times faster, have three times less downtime, and sustain four times less data loss than those less mature. The report also found that over 30% of CIOs at the least resilient organisations overestimated their data resilience capabilities, potentially placing their businesses at greater risk.

Eswaran elaborated on the implications of these findings: "Data resilience isn't just about protecting data, it's about protecting the entire business. This is the difference between shutting down operations during an outage or keeping the business running. It's the difference between paying a ransom or not. It provides the foundation for AI innovation, compliance, trust, and long-term performance – including competitive advantage."

The development of the DRMM involved input from over 500 leaders in IT, security, and operations, and included more than 50 interviews with C-level executives. The model has already been validated through its application in real-world settings, such as a healthcare system that reported savings of $5 million per outage and a global bank that has had no cyber incidents since implementing the framework alongside Veeam's platform.

Financial data from the DRMM research indicates that investments in data resilience can provide substantial returns. For each $1 invested in data resilience measures, companies have gained returns between $3 and $5, and sometimes as much as $10, attributed to factors such as increased system uptime, lower incident costs, and improved agility. This has resulted in data resilience becoming the second highest strategic priority for IT leaders, following cost optimisation.

The DRMM defines four horizons of data resilience maturity: Basic, which is reactive and manual; Intermediate, characterised by reliability but lacking automation; Advanced, which is strategic and proactive but not fully integrated; and Best-in-Class, which is autonomous, AI-optimised, and fully resilient.

George Westerman, Principal Research Scientist at the MIT Sloan School of Management, explained the significance of executive involvement in data resilience efforts. "As organisations increasingly recognise the growing risks associated with data outages and cyber threats, the report underscores the importance of a collective commitment from executives beyond the IT department, to data resilience. Data outages can severely impact customer-facing capabilities and erode shareholder trust of an organisation."

"But even more, they can be a signal of immature IT management processes that have led to overly complex, hard to manage, IT infrastructure. The Digital Resilience Maturity Model highlights ways that businesses can equip themselves to handle today's challenges while being ready for tomorrow's opportunities."

Organisations can begin assessing and advancing their data resilience maturity through tailored executive workshops provided by Veeam. These workshops are designed to support progress along the maturity curve, reduce risk exposure, and foster operational continuity.

Veeam's report, produced in collaboration with McKinsey, is based on a detailed survey of 500 senior IT, information security, and operations leaders from large enterprises, supplemented by interviews with C-level executives and IT leaders. It emphasises the need for organisations to incorporate data resilience as part of their broader business strategy.