Veeam

76% of leaders rated compliance pressures around data sovereignty as extremely or moderately important.

88% of IT leaders believe it will be extremely (50%) or moderately important (38%) in 2026 to ensure partners and suppliers meet their cybersecurity and data protection standards.

66% of IT leaders view AI-generated attacks as the most significant threat to data security, surpassing ransomware at 50%.

49% of IT leaders cited cybersecurity threats as the biggest disruptor in 2026.

45% of IT leaders selected strengthening cybersecurity as the single 'must win' IT initiative for 2026.

Only 29% of IT leaders expressed very high confidence in their ability to recover critical data after a zero-day exploit, while 59% were only somewhat confident.

54% of IT leaders plan for a moderate or significant increase in their budget for data protection and resilience in 2026.

60% of senior IT and business decision-makers worldwide reported reduced visibility of where their data resides due to the growth of multi-cloud and SaaS environments.

72% of IT leaders support a ban on ransomware payments, with 51% strongly supporting it.

41% of IT leaders believe increased executive-level accountability would have a major impact on improving cybersecurity and data protection.

22% of IT leaders identified AI maturity and regulation as the second-largest disruptor in 2026.

71% of IT leaders are either not confident (30%) or somewhat confident (41%) in maintaining operations during a multi-day cloud provider outage.

44% of IT leaders reported that their data visibility has somewhat reduced, while 16% reported a significant reduction due to the growth of their IT environment.

20% of financial services organizations have yet to secure the necessary budget to meet DORA requirements.

22% of financial services organizations believe the volume of digital regulation is becoming a barrier to innovation or competition.

94% of organizations are clear on the steps they need to take for DORA compliance.

40% of organizations call DORA a current "top digital resilience priority".

24% of financial services organizations have not established recovery and continuity testing (a DORA requirement).

23% of financial services organizations have not conducted digital operational resilience testing (a DORA requirement).

24% of financial services organizations have not identified a DORA implementation lead (a DORA requirement).

41% of senior IT decision makers at financial services report increased stress and pressure on IT and security teams due to DORA.

94% of organizations surveyed now rank DORA higher in their organizational priorities than they did in the month before the deadline.

39% of senior IT decision makers at financial services reported DORA remains a central focus.

Only 20% of financial services organizations have yet to implement third-party risk oversight (a DORA requirement).

Half (50%) of the respondents said DORA requirements have been integrated into their broader resilience programs.

Over a third (more than 33.3%) of financial services organizations named third-party oversight the most challenging DORA requirement to implement.

21% of financial services organizations have not ensured backup integrity and secure data recovery (a DORA requirement).

22% of financial services organizations felt that DORA’s design could have been improved to aid compliance

24% of financial services organizations have not implemented incident reporting (a DORA requirement).

37% of financial services organizations are dealing with higher costs passed on by ICT vendors as a consequence of DORA.

96% of EMEA financial services organizations believe they need to improve their resilience to meet DORA requirements.

34% of financial services organizations cite third-party risk oversight as the most challenging DORA requirement to implement.

Of organizations that paid a ransom, 60% paid less than half of the initial ransom.

Less than half of organizations had key technical elements included in their ransomware playbook.

A pre-defined “chain of command” was included in the ransomware playbook for 30% of organizations.

7 out of 10 organizations experienced a ransomware attack in the past year.

Pre-attack confidence among ransomware victims often doesn't reflect reality.

69% of organizations believed they were prepared before being attacked by ransomware. Their confidence plummeted by over 20% afterward.

CISOs experienced a 15% drop in their ransomware preparedness rating post-attack.

98% of respondents had a ransomware playbook.

The percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%.

Of organizations that were attacked by ransomware, only 10% recovered more than 90% of their data.

The total value of ransomware payments fell in 2024.

36% of organizations affected by ransomware opted not to pay a ransom.

Of organizations that paid a ransom, 82% paid less than the initial ransom.

Backup verifications and frequencies were included in ransomware playbook for 44% of organizations.

CIOs experienced a 30% decline in their ransomware preparedness rating post-attack.

Of organizations that were attacked by ransomware, 57% recovered less than 50% of their data.

Organizations that prioritize data resilience can recover from ransomware attacks up to seven times faster.