2024 was a pivotal year for data resilience due to significant challenges and some remarkable advancements too. From additional regulatory frameworks like NIS2 in the E.U. to cyberattacks and natural disasters, this year prompted a heightened focus on strategies to better safeguard and manage vital company data. As we stand on the edge of 2025, we see that our digital landscape is evolving at an unprecedented pace with the introduction of AI and machine learning in the world of data protection and increased regulatory compliance and privacy regulations.
In this blog post, we’ll dive into some insights our Veeam executives have for the future of data protection in the coming year so we can all walk into 2025 more resilient and prepared than ever.
2025 Brings a Stronger Need for Data Resilience Standards
“Next year, we’ll see an increase in the frequency and severity of cyberattacks (coupled with the need for more consistent and effective security measures), regulatory gaps, and public pressure to drive more stringent cyber resilience standards and approaches to data resilience, incident response, and disaster recovery within the U.S. government.
We’ll see increased regulations around mandatory backup and recovery strategies specific to frequency, retention periods, and testing protocols. This involves air-gapped backups stored offline, immutable storage systems, and regular testing of backup and recovery procedures. We may also see data resilience become a compliance responsibility if regulators require organizations to implement comprehensive data resilience plans as part of their compliance obligations.” – Gil Vega, CIO, SVP for Global Information Security, Veeam Software
In 2025, We’ll Be Waiting for the NIS2 Hammer to Fall
“It almost goes without saying that leaders will continue to wrestle with regulation in 2025, especially with the arrival of DORA for the finance sector. However, next year’s biggest regulation story will be the first major NIS2 penalty. National regulators will give organizations time to become compliant – many countries have even extended their deadline – but expect to see the first big statement fine for noncompliance toward the end of next year.
We saw this with Google in 2019, a year after the GDPR came into effect. National regulators will want to set a precedent and show they mean business. If geopolitical tensions continue the same course next year, the EU will want to ensure critical national infrastructure is as resilient to cyberthreats as possible. They’ve got the regulations in place, so they will want to show they’re not afraid to swing the hammer for noncompliance.” – Andre Troskie, EMEA Field CISO, Veeam Software
Look out for Ransomware-as-a-Distraction
“Ransomware has been a consistent blight on businesses in recent years, but it has been fairly consistent. I believe this will change next year, with ransomware evolving beyond its current model.
Expect to see more attacks using encryption as a distraction, while more sophisticated attacks target data integrity or siphon sensitive information. Ransomware incidents demand attention and resources, but this creates an opportunity for hidden threats to infiltrate deeper systems.
Equally concerning, we could see more and more attackers skip the encryption phase altogether, simply stealing data through exfiltration and then sending a ransom demand. While this doesn’t disrupt operations in the same way, it is much harder to detect and protect against. Often after a successful theft, only then will attackers encrypt data to serve as a distraction to buy them time to sell what they’ve stolen.
Finally, what keeps me up at night is not the worry of data encryption or theft but of attackers injecting malicious code into a healthy data set to render it worthless all of a sudden. As organizations become increasingly data-driven, this could be dire, not least because it would be incredibly hard to detect. Data resilience must include multi-layered detection to identify concurrent threats and prevent hidden breaches.” – Edwin Weijdema, EMEA Field CTO, Veeam Software
There’s No Shame in the Ransomware Game
“In 2025, we will see a shift in how we talk about breaches, moving toward normalization and progress rather than blame. The reality is that close to 75% of data breaches stem from human error, an emphasis on blame will only add more fuel to the fire – pushing IT and security pros out the door and widening the skills shortage gap. Addressing both mental health and shame openly will lead to a stronger, more resilient workforce. Leaders must understand that we’re only as good as our planning, which requires invested leadership at the helm with compliance professionals guiding foundational initiatives. In 2025, companies that emphasize clear communication and a unified approach, with compliance leading implementation and leadership championing security, will be better positioned to attract top talent.” – Shiva Pillay, General Manager and SVP, Americas, Veeam
AI Will Transform UI, IT Platforms, and SaaS
“By 2025, AI agents will have firmly established themselves as integral components of the workforce. Moving on from the chatbot paradigm where LLMs are used to make suggestions or answer domain-specific questions, agent-based platforms will be able to “speak” to data and Application Programming Interfaces (APIs) to drive the resolution of problems and reduce operational toil. With the growth of goal-oriented, adaptable AI systems and NLP that can learn from and adapt to user behavior and new use cases, UIs will evolve to become conversational. There will be obvious use cases of being able to generate reports and dashboards without requiring specialized knowledge or code development skills — but this only scratches the surface. More important will be the shift to let users say what they want done and use AI-based agents to perform multi-step functions to achieve outcomes.
Plus, the growth of AI will give rise to the ability to deploy previously unheard-of levels of customization to IT actions. For example, instead of having broad backup policies that work at certain frequencies, IT admins will be able to ask for dynamic, adaptive policies. These policies will customize themselves based on a variety of input signals (e.g., user behavior, data access patterns, customer risk profile) and be able to do so at very fine granularities (e.g., per user or per mailbox). Also, Service as Software (also known as SaaS 2.0 or intelligent SaaS) is going to flip the SaaS paradigm on the head. IT systems will need to evolve to behave as an active partner, more than what has been seen in current “copilot” implementations. Leveraging the above trends and predictions, Service as Software will leverage AI to deliver proactive, adaptive, and personalized experiences.” – Niraj Tolia, CTO, Veeam
Increased Data Repatriation from the Public Cloud to On-premises
“A number of businesses are expected to move workloads from the public cloud back to on-premises data centers to manage costs and improve efficiencies. This is the essence of data freedom – the ability to move and store data wherever you need it, with no vendor lock-in.
Organizations that previously shifted to the public cloud now realize that a hybrid approach is more advantageous for achieving cloud economics. While the public cloud has its benefits, local infrastructure can offer superior control and performance in certain instances, such as for resource-intensive applications that need to remain closer to the edge. We can also now consume and operate on-premises infrastructure with the same tooling and level of automation previously restricted to the public cloud. Gartner says that many companies are re-evaluating their data strategies after seeing the full implications of shifting workloads, which has led to a renewed interest in hybrid and multi-cloud models. Factors such as market uncertainty, evolving licensing structures, and regulatory considerations will also influence this shift, as businesses seek data strategies that are adaptable while optimising access and data sovereignty. As a result, businesses are seeking more flexible and scalable solutions, such as multi-cloud or hybrid-cloud approaches.
However, any shift in data infrastructure poses risks, including data loss or corruption. With increasing concerns around moving data safely and with integrity, many businesses will turn to vendors, such as Veeam, who already have data resilience ingrained within its backup and recovery solutions.” -Anthony Spiteri, Product Strategy, Office of the CTO, Veeam
The Rise of the Cloud Data Lakehouse
“As demand for storing and utilizing data grows, enterprise IT architecture will continue to evolve. Specifically, I expect the cloud data lakehouse to become a popular choice next year. Cloud data lakehouses combine the scalability of a data lake with the more structured data management capabilities of a data warehouse. It addresses the demand for a unified data management approach while delivering the analytic capabilities that are gradually becoming non-negotiable for the modern enterprise.
As with most trends in the cloud space, cost and scalability are going to be key drivers. However, the pressure to be AI/ML-ready and compliant with evolving data regulations will be what moves the needle. By hook or by crook, enterprises will be working towards being more data-centric in 2025, so expect to hear the term ‘data lakehouse’ more and more next year.” – Michael Cade, Global Field CTO of Cloud Strategy, Veeam Software
Data is our lifeblood — and the importance of building robust data resilience capabilities has never been clearer. As we head forward into the new year, it’ll be essential to approach data resilience with an open, communicative, and no-shame mindset since ransomware will continue to be almost a given in 2025. This means that planning beforehand will be key, particularly since regulatory compliance standards will become more prevalent and important to adhere to. AI will continue to become a more significant part of the world of data resilience, changing IT platforms, data lakehouses, UIs, and SaaS. With the increasing complexity of our data landscape, the freedom to move and store your data wherever makes sense for your business will become even more important.