02 May 2025

Veeam and McKinsey have launched the Data Resilience Maturity Model (DRMM) to provide a framework for organizations to assess their data resilience capabilities.

The research behind the model reveals a significant disconnect between CIOs’ perceptions of their data resilience and the actual maturity of their systems. While 30% of CIOs believe their organizations are above average, fewer than 10% achieve that level in practice. Over 74% of organizations operate at the two lowest maturity levels, potentially exposing them to significant risk.

The report highlights the substantial financial impact of IT downtime. Global 2000 companies collectively experience over US$400 billion in losses annually due to outages, reputational damage, and operational disruption. Individual companies can face losses of up to US$200 million per year.

The DRMM offers a comprehensive approach, evaluating data strategy, people and processes, and technology to gauge an organization’s resilience. It’s the only industry model encompassing cyber resilience, disaster recovery, and operational continuity. Key findings indicate that organizations at the highest maturity level (Best-in-Class) recover from outages seven times faster, experience three times less downtime, and incur four times less data loss than those in lower tiers. Furthermore, the model categorizes organizations into four horizons — Basic, Intermediate, Advanced, and Best-in-Class — based on their resilience levels.

Veeam CEO Anand Eswaran emphasizes the critical nature of data resilience, calling it essential for business survival. The DRMM aims to transform wishful thinking into actionable resilience, equipping organizations to prioritize data protection alongside revenue, employees, customers, and brand reputation.

The research, based on surveys and interviews with senior IT leaders, showcases the substantial return on investment (ROI) from data resilience investments. Each US$1 invested can yield between US$3-10 in value through improved uptime, reduced incident costs, and enhanced agility. The model positions data resilience as the second-most important strategic priority for IT leaders, following only cost optimization.