Despite 30% of CIOs believing otherwise, only 10% of organizations are truly data resilient, recent research says.
Nina Tebbe, Sr. Director of Enterprise Sales at Veeam, explains why organizations need to focus on processes and people, not just technology, for true resilience.
To expose organizational blind spots, Tebbe recommends conducting structured resilience workshops that help leaders confront issues technology alone can't solve.
A dangerous illusion of readiness is warping the reality of enterprise resilience. Nearly 30% of CIOs think their organizations are above average in data resilience, but fewer than 10% actually are. Now, some experts say the cause isn't a lack of technology, but a blind spot in leadership.
Nina Tebbe, Senior Director of Enterprise Sales for EMEA at data resilience leader Veeam, is one of those experts. With 25 years of leadership experience at tech giants like IBM and Rockwell Automation, she has a history of building high-performing teams and driving growth. According to Tebbe, the problem is that organizations have been focused on the wrong things.
The illusion of readiness: Most of the time, overconfidence is the result of a fundamental misunderstanding of what resilience actually requires, Tebbe explains. "Organizations only look at the technology. They don't look at the processes. They don't look at the people."
But the stakes are also higher than ever. With 90% of the world's data having been created in just the last two years, the threat is inevitable, Tebbe says. "Now, the only certainties are 'death, taxes, and ransomware.'" And the numbers prove it: 69% of organizations have been attacked. Worse, of those successfully attacked, 78% get hit a second time by the same threat actor.
Technological defenses alone may not be enough to solve the problem, Tebbe advises. For example, she recalls an executive in Saudi Arabia who, when asked for his plan during a cyber attack, replied, "I would open up my laptop." Her response was blunt: "During a real attack, that laptop is useless."
What this way of thinking reveals is a fundamental failure to plan for the human and procedural elements of a crisis, Tebbe explains. To expose these blind spots, she suggests conducting structured resilience workshops that force leaders to confront the questions technology often can't answer:
A broken chain of command: Most leaders assume their standard communication tools will function during a crisis, Tebbe says. But this isn't often the case. "Do you have a chain of command for when your systems go down? How do you know who to call in your organization? Do you have them on the phone, or is it in Teams? Do you have a private WhatsApp group, for instance?" Tebbe asks.
Decision-making under duress: When critical decisions depend on a single person, it creates a significant point of failure. "Who has the authority to decide whether or not to pay a ransom? Do you have somebody that you can call? What if that person is on a mountain and unavailable? How do you react to that?"
An over-reliance on digital: Often stored on compromised systems, the recovery plan itself often becomes inaccessible. Tebbe asks, "When did you last print out your process for what to do when you have an attack or an outage? Do you have a physical copy available right now?"
Workshops like the ones Tebbe describes often function as a diagnostic tool to ground an organization's assumptions in reality. But success isn't measured by a signed contract. Here, it's measured by the moment the illusion of readiness shatters. "A 'win' is getting a client to acknowledge the gap between their perceived and actual readiness," she explains.
A sign of maturity, not market: Compliance and data sovereignty laws might vary across a diverse region like EMEA, Tebbe continues. But the core principles of resilience are universal. The key differentiator is internal readiness, not geography. "Resilience depends on the maturity of the organization, not the market it's in."
The good news is that companies are ready to act, with 87% increasing their investment in the cloud over the last two years. As a result, the global data resiliency market is set to grow from $20.9 billion in 2023 to $94.5 billion by 2033.
Now, the challenge is directing that investment effectively. Because true resilience isn't built with technology alone, Tebbe concludes. It's built by empowering people and perfecting processes. "The goal isn't an overnight fix. It's about listening to the client to define the next affordable, practical step."
