A survey of 1,200 IT leaders conducted by Veeam Software suggests expectations of what a modern data protection platform should be able to address are changing. Top capabilities now being evaluated include the ability to use production data for secondary purposes (40%), integration with cybersecurity tools (39%), ability to migrate workloads (39%) and standardizing of data protection across multiple platforms.

As a result, more than half of respondents (54%) plan to change their primary backup solution compared to 27% not intending to make a change, the survey finds.

Overall, 92% expected to increase their data protection budgets in 2024, with the average increase expected to be 6.6% higher than in 2023.

The primary reason for making that shift is to improve the reliability of backups (36%), followed by enhanced detection/remediation capabilities for cyber or ransomware (31%). Three-quarters of respondents (75%) work for organizations that suffered at least one ransomware attack in the preceding twelve months, with more than a quarter (26%) noting they were attacked four or more times in the past year.

Despite those attacks, however, a full 85% recognized there is an “availability gap” between how fast they could recover versus what the business processes require. More than three-quarters (76%) also acknowledged there is a “protection gap” between how much data they could afford to lose and how often their data is protected.

In fact, on average, organizations are only testing and documenting data protection practices every 7.3 months, the survey found.

Dave Russell, vice president for enterprise strategy for Veeam, said while it is clear data protection should play a more pivotal role in cybersecurity than ever, there is still much work to be done in terms of melding IT and security operations to better ensure it. The challenge is that achieving that goal requires leadership at the vice president level or higher in most organizations, he added.

Unfortunately, the survey suggests there is a lack of consistency in the management teams responsible for data protection. Nearly half (47%) of respondents intend to seek a new job outside of their current organization, and another 20% are undecided.

At the same time, IT environments are more fragmented than ever. Nearly half of respondents (45%) are managing servers in on-premises IT environments, compared to more than a quarter (28%) managing servers in data centers. More than half (52%) said their organization is running containers in production environments, with another (35%) in the planning/deployment phases. However, only 25% are protecting those container environments, the survey notes. The more fragmented an IT environment becomes, the more challenging it becomes to comprehensively apply data protection.

On the plus side, at least 88% of respondents said they were either very likely or almost certain to use a backup-as-a-service (BaaS) or disaster recovery-as-a-service (DRaaS) platform for some of their production servers.

Data protection is, without a doubt, now a mainstream cybersecurity issue, but it’s apparent that far too many organizations have not melded the two together in a way that might better thwart ransomware attacks. In the absence of the capability, the outcome of a ransomware attack has become nothing less than far too predictable for all concerned.