Veeam’s 2026 Data Trust and Resilience Report puts a hard number on a soft assumption. While 90% of organisations say they’re confident they could recover from a cyber incident, fewer than one in three ransomware victims actually recovered all their data. Among those affected, just 28% fully recovered; 44% got back less than three-quarters of what they lost.
That gap between confidence and outcome is the whole story. The 90% almost certainly have backups; what they don’t have is proof those backups restore cleanly, completely and fast enough to matter. Confidence is built on the assumption that the backup job ran. Recovery is built on having actually tested the restore.
The report’s other finding is the useful one: organisations that increased their resilience budget — and spent it on immutable storage and automated, verified backup — reported materially better ransomware outcomes. The differentiator wasn’t having backups. It was investing in the parts that make a backup a recovery.
