Veeam Software has unveiled the industry’s first Data Resilience Maturity Model (DRMM). The new framework empowers organisations to objectively assess their true resilience posture and take decisive, strategic action to close the gap between perception and reality to ensure their data is resilient in the face of growing cyberattacks and outages.
Joint research conducted by Veeam and McKinsey reveals a staggering disconnect. While 30% of CIOs believe their organisations are above average in data resilience, fewer than 10% are. This miscalculation is not just risky; it’s reckless. According to the report, IT downtime costs the Global 2000 over USD400 billion annually, with USD200 million in losses per company from outages, reputational damage, and operational disruption.
“Data resilience is critical to survival, and most companies are operating in the dark,” said Veeam CEO Anand Eswaran. “The new Veeam DRMM is more than just a model; it’s a wake-up call.”
The Veeam DRMM framework empowers leaders to assess and improve their data resilience by providing insights for aligning people, processes, and technical capabilities with their overall data strategy. This alignment helps minimise risk exposure while allowing organisations to concentrate on mission-critical objectives and sustain a competitive advantage.
Notably, the Veeam DRMM stands out as the only framework in the industry from a consortium of industry experts that delivers a holistic perspective on cyber resilience, disaster recovery, and operational continuity across three key domains: data strategy, people and processes, and technology.
Key findings from the Veeam DRMM research include:
-
74% of organisations fall short of best practices, operating at the two lowest levels of maturity;
-
Organisations at the highest maturity level (the Best-in-Class horizon) recover from outages seven times faster, experience three times less downtime, and suffer four times less data loss than their peers; and
-
Over 30% of CIOs in the least resilient companies mistakenly believe their data resilience capabilities are better than they actually are, exposing their businesses to potential failure.
“Data resilience isn’t just about protecting data, it’s about protecting the entire business,” said Eswaran. “This is the difference between shutting down operations during an outage or keeping the business running. It’s the difference between paying a ransom or not. It provides the foundation for AI innovation, compliance, trust, and long-term performance, including competitive advantage.”
Built on extensive research in collaboration with McKinsey & Company and insights from over 500 IT, security, and operations leaders, the Veeam DRMM has been validated through real-world customer outcomes, including a healthcare system that saved USD5 million per outage and a global bank that achieved zero cyber incidents after implementing the model with Veeam’s platform.
Investing in data resilience yields substantial returns, according to the DRMM research which shows that for every USD1 spent on data resilience measures, companies reap USD3 to USD5, and sometimes as much as USD10, in return – driven by improved uptime, reduced incident costs, and enhanced agility. As a result, data resilience has surged to the second top strategic priority for IT leaders, second only to cost optimisation.
The Veeam DRMM categorises organisations across four data resilience maturity horizons:
-
Basic: Reactive and manual, highly exposed;
-
Intermediate: Reliable but fragmented, lacking automation;
-
Advanced: Strategic and proactive, yet missing full integration; and
-
Best-in-Class: Autonomous, AI-optimised, fully resilient
” As organisations increasingly recognise the growing risks associated with data outages and cyber threats, the report underscores the importance of a collective commitment from executives beyond the IT department to data resilience,” said George Westerman, Principal Research Scientist at the MIT Sloan School of Management. “Data outages can severely impact customer-facing capabilities and erode shareholder trust of an organisation. But even more, they can signal an immature IT management processes that have led to overly complex, hard to manage IT infrastructure. The Digital Resilience Maturity Model highlights ways that businesses can equip themselves to handle today’s challenges while being ready for tomorrow’s opportunities.”
