Organizations invest more in data protection but recover less

92% of organizations will increase 2024 data protection spend, to achieve cyber resilience amidst continued threats of ransomware and cyberattacks, according to Veeam Software.

Respondents shared that cyberattacks remain the top cause of outages and that while organizations are putting more emphasis on utilizing the cloud for major recoveries, only a small percentage believe they’d be able to recover from even a small crisis in under a week.

For the fourth straight year, cyberattacks were listed as the most common and most impactful causes of business outages across organizations. The fact that other types of outages followed closely behind – infrastructure/networking, storage hardware, application software, public cloud resources, and server hardware – illustrated the growing need for modernized backup strategies.

Organizations brace for ransomware impact

76% of organizations were attacked at least once in the past 12 months. While this number is down from 85% in 2023, 26% reported being attacked at least four times this past year. So according to the report, more organizations were hit quarterly than those who believe they were not attacked at all. Recovery is still a major concern, as only 13% said they can successfully orchestrate recovery during a DR situation.

The survey ranked protecting against cyber threats and addressing environmental, social, and governmental goals as the biggest inhibitors to IT modernization and digital transformation initiatives. These factors scored higher than usual struggles related to skills, economic concerns and organizational issues, due to the amount of effort and resources that were being diverted from digital transformation or IT modernization investments.

While most organizations consider cyber resiliency a foundational aspect of their broader business continuity or disaster recovery (BC/DR) strategy, BC/DR preparedness is not yet “passing” most service-level agreement (SLA) expectations. When asked how long IT would need to recover 50 servers, only 32% believed their IT staffs could recover the servers within five business days.

Other supporting statistics reflect the growing gap between what data protection business units expect and what IT services can deliver is increasing. When asked about their latest large scale cyber/disaster test, 58% of servers were recoverable within expectations.

Data protection budgets are expected to grow

Data protection budgets are expected to grow by 6.6% in 2024. This is the second straight year the survey revealed that data protection spending growth will outpace IT spending growth.

For the second straight year, survey respondents consider the most common and most important aspect of a modern data protection solution is one that integrates with cyber security tools. 41% of respondents consider some aspect of mobility in cloud scenarios as most important characteristic of a modern solution, including the ability to move a workload from one cloud to another and the standardization of protection between on-premises workloads and IaaS/SaaS.

“Ransomware continues to be the biggest threat to business continuity,” said Dave Russell, VP of Enterprise Strategy at Veeam. “It’s the number one cause of outages today, and protecting against it is hampering digital transformation efforts. Furthermore, although companies are increasing their spend on protection, less than a third of companies believe they can recover quickly from a small attack. The findings in this year’s report highlight the need for continued cyber vigilance, and the importance of every organization to ensure they have the right protection and recovery capabilities.”

Container usage continues to rise

Container usage continues to rise, with 59% of enterprises running them in production, and another 37% either rolling them out or planning to. Unfortunately, only 25% of organizations use a backup solution that is purpose-built for containers, while the rest of organizations back up only some of the underlying components – e.g., storage repositories or the database contents. Neither tactic ensures that the applications and services will be resumable after a crisis, or even a simple import/configuration error that needs to be undone.

The fact that 47% of respondents expressed an intent to seek a new job outside of their current organization within the next twelve months represents both a challenge and an opportunity for data protection initiatives. While losing valuable data protection talent puts organizations at a significant disadvantage when crises inevitably strike, the market shift presents an opportunity to add knowledge to protect modern production workloads that reside in clouds, such as Microsoft 365, Kubernetes containers, or other IaaS/PaaS deployments.

For the second straight year, the two most important considerations for “enterprise backup” solutions are reliability and the protection of cloud-hosted workloads (IaaS and SaaS). This is problematic for organizations relying on older datacenter-centric data protection solutions.

As organizations move workloads from one platform or cloud to another, IT teams relying on legacy backup solutions that do not offer equitable protection of cloud-hosted workloads will struggle to maintain SLAs, particularly those that embrace cloud-native offerings like Microsoft 365/Salesforce (SaaS) or containers.