Data resilience critical as ransomware attacks target backups
With more threat actors targeting backup repositories to ensure a payday, Veeam urges organisations to treat data resilience as a competitive advantage, not just an insurance policy
The growing ransomware threat is driving organisations to rethink data protection, with data resilience now more critical than ever as cyber criminals deliberately target backup repositories to guarantee a payday.
According to research from Veeam, 89% of ransomware attacks in the past year were on the target’s backup repository, a figure that reflects a shift in criminal tactics.
Speaking at VeeamOn Tour Sydney 2025, John Jester, Veeam’s global chief commercial officer, noted that in such instances, a third of repositories were modified or deleted, putting victim organisations in an extremely vulnerable position. The research also found that 69% of companies had suffered at least one ransomware attack in the past year, and 69% of those victims were attacked again, often by the same group.
Attacks are also happening faster, with the average time between an attacker gaining system access, exfiltrating data and delivering a ransom demand falling to just 24 hours. Jester suggested that criminals are using artificial intelligence (AI) to achieve this speed, meaning defenders must do the same.
“You have to invest in the right solutions and processes,” said Jester, pointing to Veeam’s five-pillar data resilience strategy and maturity model. “Data resilience maturity is a competitive advantage. It’s not just insurance; it’s a strategy for driving your company better.”
Veeam has the runs on the board, having reached $1.75bn annual recurring revenue, with more than 550,000 customers, including 67% of the Global 2000. It also holds worldwide market share leadership in four categories: data protection software, Microsoft 365 data protection, Kubernetes data protection, and enterprise backup and recovery software, said Gary Mitchell, vice-president for Australia and New Zealand (ANZ).
You have to invest in the right solutions and processes. Data resilience maturity is a competitive advantage. It’s not just insurance; it’s a strategy for driving your company better
John Jester, Veeam
Mitchell said business is going well in ANZ, where IDC data shows Veeam is the local market share leader. From 2020 to 2024, Veeam has taken the top spot in IDC’s semi-annual software tracker for data protection software in ANZ, with a 35% market share in the second half of 2024. He noted a renewed focus on backup and recovery in the region, with organisations providing the necessary budget.
Larger organisations are showing interest in Coveware, the incident response supplier that Veeam acquired in early 2024. However, the high-growth products in the region are Veeam Data Cloud for Microsoft 365, Entra ID, Azure, Salesforce and Vault workloads, delivered as a service. Mitchell said interest from the enterprise market is growing as Veeam’s solutions mature with end-to-end orchestration and strong partner services, widening its appeal beyond its traditional small and medium-sized enterprise (SME) and mid-tier base.
The fastest growth has come from Veeam Data Cloud Vault, an Azure-based immutable cloud storage service introduced last November that connects easily to Veeam Backup and Restore. It can be used as a primary or secondary backup destination – for example, as a replacement for tape storage. Mitchell said this is also the first time Veeam has sold storage alongside its software, and while initial uptake has been from smaller organisations, larger customers are considering it for their next refresh cycles.
Ben Young, Veeam’s field chief technology officer in Asia-Pacific and Japan, noted that local response to the upcoming Veeam Data Platform 13 has also been positive, particularly in the way the hardened, JeOS (Just enough OS)-based Veeam software appliance reduces the attack surface to improve the security of backup data.
In addition, more appropriate default settings mean a new or replacement server can be put to work more quickly, support for passive nodes allows high availability, and finer-grained access controls help achieve least-privilege access.
Young added that support for third-party identity providers will be “a game-changer” for mid-sized and larger organisations.
Veeam has been asked to support additional cloud workloads, reflecting the shift from on-premise to as-a-service. But Young pointed out two key considerations: is the market big enough to justify the cost and effort involved, and does a particular service allow the restoration of data? That said, Veeam will be keeping in touch with its customers about their current and prospective requirements.
And although customers in every country where Microsoft 365 is available locally want to see an onshore instance of Veeam Data Cloud, that isn’t always viable for the company, he said, even though Veeam Data Cloud runs on Azure.
Data portability a growing consideration
There is also increasing demand for data portability, Mitchell observed. While organisations once aimed to go “all-in” on one platform, there is now concern about putting all their eggs in one basket – a sentiment driven by Broadcom’s licensing changes for VMware.
New Zealand telco One NZ is one such customer prioritising portability. Its cloud and infrastructure manager, Sumit Kumar, described two major projects using Veeam. One involves consolidating multiple customer relationship management (CRM) systems into a single Salesforce instance, which Veeam will back up to ensure the telco owns its own data and can move it elsewhere if needed.
A second project involves reworking the company’s core network systems into containers, which will be protected by Veeam Kasten for rapid restoration and portability across Amazon Web Services (AWS), Microsoft Azure and Google Cloud.
Another issue that benefits Veeam is a preference for toolsets that work across multiple platforms, such as Salesforce and Microsoft 365, Mitchell said, as opposed to using different products to protect data on different platforms.
That was the case for Lee Swift, chief information security officer (CISO) at Catholic Education Western Australia (CEWA), which looks after 162 schools with 95,000 users, some in remote areas of the state. Until seven years ago, the schools operated largely independently in terms of IT, but there has since been a process of gradual consolidation.
As a large Microsoft user with 2PB (petabytes) of cloud data, CEWA uses Veeam to protect its environment, including its Entra ID identity and access management service. Swift said the ability to “train once” on a single platform is a significant advantage for his small IT team.
A particular issue facing the non-profit organisation is the existence of 163 historic databases from the pre-consolidation era, and some of that data must be retained for 99 years. Recent Veeam developments mean those backups can be accessed via a large language model (LLM) interface, something that Swift said will save a lot of time.
“Backup systems are a great aggregator of data,” said Young, adding that VaultIQ unlocks that data by delivering it via multiple search engines and the Model Context Protocol to LLMs such as Claude. Veeam is “in pole position to resurface that data”, making backup “more than just an insurance policy”, he added.
Read more about cyber security in ANZ
Qantas begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised.
