Senior global and regional executives from Veeam share their views on top technology trends for 2025 in the Data Resilience space
In 2025, we’ll be waiting for the NIS2 hammer to fall
Andre Troskie, EMEA Field CISO, Veeam: “It almost goes without saying that leaders will continue to wrestle with regulation in 2025, especially with the arrival of DORA for the finance sector. However, next year’s biggest regulation story will be the first major NIS2 penalty. National regulators will give organizations time to become compliant – many countries have even extended their deadline – but expect to see the first big statement fine for noncompliance towards the end of next year.
“We saw this with Google in 2019, a year after the GDPR came into effect. National regulators will want to set a precedent and show they mean business. If geopolitical tensions continue on the same course next year, the EU will want to ensure Critical National Infrastructure is as resilient to cyber threats as possible. They’ve got the regulation in place, so they will want to show they’re not afraid to swing the hammer for noncompliance.”
Look out for Ransomware-as-a-Distraction in 2025
Edwin Weijdema, EMEA Field CTO, Veeam: “Ransomware has been a consistent blight on businesses in recent years, but it has been fairly consistent at least. I believe this will change next year, with ransomware evolving beyond its current model. Expect to see more attacks using encryption as a distraction, while more sophisticated attacks target data integrity or siphon sensitive information. Ransomware incidents demand attention and resources, but this creates an opportunity for hidden threats to infiltrate deeper systems.”
“Equally concerning, we could see more and more attackers skip the encryption phase altogether, simply stealing data through exfiltration and then sending a ransom demand. While this doesn’t disrupt operations in the same way, it is much harder to detect and protect against. Often after a successful theft, only then will attackers encrypt data, to serve as a distraction to buy them time to sell what they’ve stolen.”
“Finally, what keeps me up at night is not the worry of data encryption or theft but of attackers injecting malicious code into a healthy data set to render it worthless all of a sudden. As organizations become increasingly data-driven, this could be dire, not least because it would be incredibly hard to detect. Data resilience must include multi-layered detection to identify concurrent threats and prevent hidden breaches”.
The Rise of the Cloud Data Lakehouse
Michael Cade, Global Field CTO Cloud Strategy, Veeam: “As demand for storing and utilizing data grows, enterprise IT architecture will continue to evolve. Specifically, I expect the Cloud Data Lakehouse to become a popular choice next year – combining the scalability of a data lake with the more structured data management capabilities of a data warehouse. It addresses the demand for a unified data management approach while delivering the analytic capabilities that are gradually becoming non-negotiable for the modern enterprise.”
“As with most trends in the cloud space, cost and scalability are going to be key drivers. However, the pressure to be AI/ML-ready and compliant with evolving data regulations will be what moves the needle. By hook or by crook, enterprises will be working towards being more data-centric in 2025, so expect to hear the term Data Lakehouse more and more next year.”
Resilience Drills will take off in 2025
Mena Migally, Regional VP – EMEA East, Veeam: “I think most organizations have moved on from just looking at their cybersecurity and now have broadened their scope to the wider concern of cyber resilience. Because of this, expect to see much more attention given to“Resilience Drills” next year. It’s not enough to just test your security. You must test how your organization responds and recovers “right of bang”.
“Much like fire drills, resilience drills will become a more regular practice next year, simulating ransomware and cyber threat scenarios to test and refine an organization’s data resilience measures. These exercises will involve both IT and executive teams to ensure rapid, coordinated response and seamless recovery. As threats grow more sophisticated, resilience drills will be essential for keeping data resilience strategies agile and effective.”
The rise of sovereign clouds and data portability
Mohamad Rizk, Senior Regional Sales Director – Middle East & CIS, Veeam: “Evolving regulatory requirements and geopolitical pressures will force enterprises to re-think where their cloud data really ‘sits’. Expect an increased focus on data residency, ensuring data stays within specific national or regional borders. As part of this shift, we’ll see more demand for sovereign clouds – localized cloud environments that keep data within specific jurisdictions to support compliance and mitigate risk.”
“This, in turn, will highlight the need for data portability across hybrid environments. Enterprises might find out too late in the game that moving data between clouds isn’t easy. They’ll also need to consider ‘related’ data like backups or Large Language Model (LLM) training data, where those are being kept, and what risk is present. It’s a familiar story- the cloud gives businesses more options and flexibility, but taking advantage of these securely and sustainably will require some joined-up thinking.”