Veeam Software has launched a new Data Resilience Maturity Model (DRMM), offering organisations a strategic framework to assess and improve their readiness for data disruptions. The announcement follows new global research conducted in partnership with McKinsey & Company, which reveals that many organisations overestimate their data resilience, exposing themselves to significant operational and financial risk.
According to the findings, while 30% of CIOs believe their organisations are more resilient than average, fewer than 10% meet the benchmark in practice. The implications of this overconfidence are serious, with the Global 2000 companies collectively losing more than US$400 billion each year due to IT downtime. On average, each company suffers approximately US$200 million in losses, which includes reputational damage and disruption to operations.
Veeam’s Chief Executive Officer, Anand Eswaran, described the current situation as a critical issue that many organisations fail to grasp. “Data resilience is critical to survival—and most companies are operating in the dark,” he said. “The new Veeam DRMM is more than just a model; it’s a wake-up call that equips leaders with the tools and insights necessary to transform wishful thinking into actionable, radical resilience.”
A comprehensive framework grounded in real-world insights
The Veeam DRMM provides a structured approach to help organisations align their data strategies with operational goals by focusing on three core areas: data strategy, people and processes, and technology. It is the first framework of its kind built by a consortium of experts to address cyber resilience, disaster recovery, and operational continuity from a holistic perspective.
The research identified several key insights, including that 74% of organisations operate at the two lowest maturity levels, failing to follow best practices. Those classified in the ‘Best-in-Class’ category recover from outages seven times faster, experience three times less downtime, and suffer four times less data loss compared to lower maturity organisations. Notably, over 30% of CIOs in the least resilient organisations mistakenly believe their resilience capabilities are stronger than they are, placing their operations at high risk.
“Data resilience isn’t just about protecting data, it’s about protecting the entire business,” said Eswaran. “This is the difference between shutting down operations during an outage or keeping the business running. It’s the difference between paying a ransom or not.”
Resilience investment yields significant returns
Developed through interviews and feedback from over 500 IT, security, and operations leaders, the DRMM has been tested through actual deployments. One healthcare provider using the model was able to save US$5 million per outage, while a global bank implementing Veeam’s platform experienced zero cyber incidents.
The research also highlights the financial return on investing in resilience. For every US$1 spent on data resilience, organisations report a return of between US$3 and US$10, primarily due to improved uptime, lower incident costs, and better adaptability. As a result, data resilience has become the second-highest strategic priority for IT leaders, following cost optimisation.
The DRMM outlines four levels of maturity: Basic (manual and reactive), Intermediate (reliable but fragmented), Advanced (strategic but not fully integrated), and Best-in-Class (autonomous and AI-driven). According to George Westerman, Principal Research Scientist at the MIT Sloan School of Management, the model not only helps mitigate risks but also provides an opportunity to rethink and simplify IT infrastructures. “Data outages can severely impact customer-facing capabilities and erode shareholder trust of an organisation,” said Westerman. “The Digital Resilience Maturity Model highlights ways that businesses can equip themselves to handle today’s challenges while being ready for tomorrow’s opportunities.”
Veeam is offering executive workshops to help organisations begin their maturity journey, reduce risk exposure, and build long-term resilience. The initiative reflects a broader push to ensure that data is always available, always protected, and positioned to drive future growth.
