The latest report carried out by Veeam Software published by Data Trust and Resilience Report reveals a growing gap between the confidence that organizations have in their cyber resilience and the results of their recovery in terms of security. As ransomware, regulatory pressure, and data risk associated with AI increase, security leaders at the strongest organizations are finding that confidence in recovery and evidence of recovery are completely different capabilities.

Veeam’s Data Trust and Resilience Report, based on the insights of more than 900 senior IT, security and risk management executives from around the world, reveals that while 90% of organizations are confident in their ability to recover from a cyber incident, less than a third of ransomware victims fully recover their data. On average, organizations recover only 72% of affected data following a ransomware attack, posing significant security challenges.

“Confidence in recovery from a ransomware attack is high, but the data shows something different, and AI is only widening that security gap,” said Anand Eswaran, CEO of Veeam. “Even the most sophisticated organizations are discovering that confidence in recovery and evidence of recovery are completely different capabilities. Data resilience remains a critical requirement for security: knowing what data you have, where it is stored, and who can access it; and demonstrating that you can quickly restore clean, reliable data when attackers or operational failures put your business at risk. The infrastructure to deploy AI has far outpaced the ability to protect and secure it. Organizations need capabilities. comprehensive solutions to understand, protect, manage and ensure the resilience and security of your data at the speed of machines.”

Eswaran adds: “Veeam is redefining resilience in the age of AI, where agents, applications and data move faster than traditional security controls. Our unified and trusted platform, strengthened by the recent acquisition of Securiti AI, offers the visibility, accuracy and reliability necessary to put resilience and security into practice, enabling companies to safely adopt AI without compromising recovery, compliance or continuity. The organizations that will lead the future are those that demonstrate trust and security. This is the new standard that Veeam is setting for the industry.”

Difference Between Confidence and Recovery

The 2026 report highlights why confidence in recovery must be accompanied by validated recovery capabilities and measurable security outcomes:

90% are confident they can recover from a cyber incident within expected recovery timeframes (RTOs), but only 69% say RTOs are fully aligned with business continuity and security objectives.

Among organizations affected by ransomware, where operations or data were compromised, only 28% fully recovered all affected data, reflecting weaknesses in security, and 44% recovered less than 75%.

Among organizations that experienced a cyber incident, 42% reported disruptions to customer services, 41% reported financial loss or impact to revenue, and 38% reported extended downtime of critical systems, all factors linked to security.

Regulation is becoming a key factor for resilience and security, as 33% point to regulatory changes as one of the main emerging threats, a figure almost identical to that of cyber attacks (36%).

AI is advancing faster than governance

As AI moves from experimentation to deployment, the report shows that many organizations are struggling to maintain visibility and control over data flows across applications, clouds, and third-party services, directly impacting security.

  • 43% say AI adoption is outpacing their ability to secure data and models.
  • 42% report limited visibility into all AI tools or models used in the organization, impacting security.
  • 40% say security policies have not yet been updated to address specific AI risks.
  • 25% say shadow IT and unauthorized use of AI tools are a top concern related to employee use of AI tools and data security.

What sets apart the strongest recoveries in terms of security?

Across all sectors and maturity levels, the report identifies four capabilities consistently linked to better results:

  1. Clear visibility into business data and AI risk across both production and backup data, strengthening security.
  2. Mandatory security controls (not just policies).
  3. Proven recovery through realistic testing and validation to ensure security.
  4. Align management on accountability, reporting, and what it means to be “recovered” with safety criteria.

A clear sign of moving from intention to execution: organizations with enforceable controls, such as data loss prevention (DLP), reported significantly better visibility and lower security latency as their use of AI expands.

Resilience improves when preparedness becomes measurable and leaders perceive risk in business and security terms.

Budgets, Metrics, and Measurable Preparation

The report also reveals that resilience improves when preparedness becomes measurable and leaders perceive risk in business and security terms:

49% increased their cybersecurity budgets year-on-year, strengthening security.

Organizations with budget increases were more likely to invest in resiliency and security foundations, such as immutable storage and automated backup, and performed better against ransomware.

Total recovery was significantly higher among organizations that reported budget increases (40% vs. 16%), evidencing improvements in security.

Veeam’s report underscores a crucial reality for business leaders: AI is amplifying both opportunities, operational exposure, and security risks, and recovery plans must go beyond assumptions. Confidence in data is not a statement, but a capability demonstrated through controls, clarity, security and flawless recovery.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.