Authored by Dave Russell, Senior Vice President, Head of Strategy at Veeam
For years, many organizations have deprioritised data resilience. But as the threat landscape intensifies and regulatory expectations increase, resilience has moved from a backroom concern to a boardroom imperative.
In India alone, cybersecurity incidents reported to the Indian Computer Emergency Response Team (CERT-In) between 2019 and 2023 more than quadrupled, while those related to government organizations more than doubled in the same period. Increasingly, the limited visibility into backup environments and lack of confidence for full recovery have become growing concerns among many Indian CIOs and CISOs. It has drawn attention to the urgent need for data protection and resilience that is proactively tested and continuously evolved.
Time for a rethink
Awareness is only half the battle; preparedness is the other. With improved industry benchmarks, organizations are waking up to an uncomfortable fact – they aren’t as future-ready as they ought to be. A recent Veeam report, developed in collaboration with McKinsey, found that even fundamental elements of cyber resilience – particularly across People and Processes pillars – are significantly lacking in large enterprises. Meanwhile, PWC found that nearly half of senior executives surveyed in India cited procurement fraud as their biggest problem in business.
For C-suite decision-makers, resilience hasn’t been top of mind. Historically, it was often combined into general cybersecurity and with assumptions that it was already in place. Unfortunately, like most contingencies, the true value of data resilience isn’t appreciated until things go wrong.
The threat is also evolving; alongside organised groups, smaller collectives and ‘lone wolf’ attackers are now using faster, more aggressive tactics, including data exfiltration. India faced approximately 370 million malware attacks in 2024, reported the Data Security Council of India (DSCI). In the last year, over one million ransomware attacks got reported across the country.
The writing’s on the wall
Research by Veeam and McKinsey also revealed that 74% of global enterprises lacked the maturity to recover quickly and confidently from a disruption. Among Indian enterprises, fragmented IT landscapes and hybrid cloud adoption patterns that outpace policy standardisation are further amplifying this challenge. While there is digital progress, there are no resilience practices to keep pace – leading to major vulnerabilities.
In India, awareness is driven by regulators, including Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), and CERT-In are pushing for stronger frameworks, particularly in financial and digital services. CERT-In’s six-hour mandatory incident reporting prompted many organisations to revisit response plans, which can uncover blind spots in their recovery readiness.
This isn’t a sudden shortfall. The gap has widened gradually, especially as the pace of digital transformation outstripped resilience planning. With the rapid adoption of AI, cloud platforms, and remote work models, data volumes have exploded – and so has the complexity of protecting that data. Yet many organisations continue to operate with outdated assumptions and reactive approaches.
Compounding this is a widespread lack of clarity on what modern data resilience should look like. Many firms still rely on superficial audits or basic tabletop exercises that test theory, not reality. The result? A dangerous mismatch between perceived and actual readiness.
Taking a step in the right direction
So, what’s next? Rather than waiting for an incident and putting it to the test, organizations should get comfortable with proactively uncovering and addressing gaps.
The first step for any organization with below-par data resilience is to gather a clear picture of its data profile. What you have, where it’s stored, and why you do or don’t need it. This is particularly relevant in India, where digital adoption and implementation are accelerating. Currently, 94% of enterprises use some form of cloud service, and 69% plan to expand their cloud footprint. This cloud momentum is encouraging but enterprises are still delaying resilience as a part of the cloud strategy itself. The approach tends to be more focused on availability and cost optimisation and cyber recovery becomes an afterthought for most organisations in India.
In India, only 30% of users back up their data daily, often relying heavily on external hard services. Despite the availability of cloud and hybrid solutions, 28% of Indians remain unprotected, placing risky trust in their device’s reliability.
The broader picture is concerning: 7% of Indian organizations reached a ‘Mature’ level of readiness in cybersecurity preparedness – up from 4% last year – while 56% reported experiencing AI-related security incidents.
In filtering out obsolete, redundant, or trivial data, organizations can reduce this sprawl and focus their efforts on protecting the data that truly matters. Then comes the harder part – securing it with intent and rigour.
But the work doesn’t stop there. Once strong resilience measures are in place, they must be consistently stress-tested. Cyber attackers won’t wait for the perfect time to strike – and real-world conditions rarely delay mirror drills. Simulate high-pressure scenarios, such as system overloads, security teams being unavailable, or leadership being on leave.
It is a significant effort, but data resilience is worth every rupee. While India’s digitally driven growth continues, organizations must match it with equally strong cyber maturity before threats and liabilities catch up.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
