2023 Data Protection Report: Even More Orgs Suffer Ransomware Attacks
Veeam Software published a Data Protection Report for the new year, finding even more ransomware attacks plagued organizations in 2022.
In the company’s survey-based 2022 report, the data protection specialist indicated 76 percent of organizations had at least one ransomware attack in the previous year.
In the new 2023 report, that number has gone up by nine percentage points.
“Despite the awareness and increase in preparedness, ransomware is winning,” said Veeam about the Jan. 17 report. “Cyberattacks caused the most impactful outages for organizations in 2020, 2021 and 2022, according to the report. 85 percent of organizations were attacked at least once in the past 12 months; up from 76 percent in last year’s report. Specifically, recovery is a main concern as organizations reported that only 55 percent of their encrypted/destroyed data was recoverable from attacks.”
As the 2023 and 2023 charts below show, the percentage of respondents who reported undergoing no ransomware attacks also changed by 9 percentage points, from 24 percent in the 2022 report to 15 percent in the 2023 report.
The report is based on a late-2022 survey of 4,200 business and IT leaders around the world who were asked about their IT and data protection strategies, including their plans for 2023 and beyond.
The current years-long ransomware onslaught is front and center in the report, for which the company provided these highlights:
- Ransomware is the biggest hindrance to Digital Transformation: Due to its burden on budgets and manpower, ransomware and the current volatile cyber security landscape are taking priority for IT teams. This is causing IT resources and budgets originally allocated towards Digital Transformation initiatives to pivot to cyber prevention. Not only do cyberattacks drain operational budgets from ransoms to recovery efforts, but they also reduce organizations’ ability to modernize for their future success; instead, they must pay for prevention and mitigation of the status quo.
- Modern Data Protection is needed to keep businesses running: Four out of five organizations believe that they have a gap, or a sense of dissatisfaction or anxiety, between what their business units expect and what IT services can deliver. 82 percent have an ‘Availability Gap’ between how quickly they need systems to be recoverable and how quickly IT can bring them back. 79 percent cite a ‘Protection Gap’ between how much data they can lose and how frequently IT protects their data. These gaps are one reason that 57 percent of organizations expect to change their primary data protection in 2023, as well as the justification for increased data protection budgets.
- Data protection budgets are increasing: Globally, organizations expect to increase their data protection budget in 2023 by 5 percent, which is notably higher than overall spending plans in other areas of IT. Of the 85 percent of organizations planning on increasing their data protection budgets, their average planned increase is 8.3 percent and often in concert with increased investments in cybersecurity tools.
- Container-centric workloads are growing in popularity: Containers, and more specifically Kubernetes, show all the characteristics of a mainstream production platform, with the same kinds of data protection strategy disparities as seen in early adopters of SaaS five years ago or virtualization 15 years ago. 52 percent of respondents are currently running containers, while 40 percent of organizations are planning to deploy containers — and yet, most organizations are merely protecting the underlying storage, instead of holistically protecting the workloads themselves. This is typical as new production platforms enter mainstream, followed by recognition that legacy methods are insufficient, thereby creating an opportunity for third-party backup tools to ensure comprehensive protection.
Veeam said ransomware is both the most common and most impactful cause of outages, alongside natural disasters such as fires, floods and earthquakes, and user errors such as overwrites and deletions.
“IT leaders are facing a dual challenge,” said CTO Danny Allan. “They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing. This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption. Legacy backup approaches won’t address modern workloads — from IaaS and SaaS to containers — and result in an unreliable and slow recovery for the business when it’s needed most. This is what’s focusing the minds of IT leaders as they consider their cyber resiliency plan. They need Modern Data Protection.”
David Ramel is an editor and writer for Converge360.