Cyber resilience: Why playing defence after the whistle won’t win
The latest ransomware statistics are sobering, but here’s the hard truth: if you’re waiting for an attack to happen before strengthening your defences, you’ve already lost.
Veeam’s 2025 Risk to Resilience Report reveals a stark reality. While 69% of ransomware victims believed they were prepared before being attacked, that confidence dropped by over 20% after the incident.
The gap between perceived readiness and actual resilience highlights a critical flaw: too many organisations treat cybersecurity as reactive instead of proactive.
Ransomware is a battle against time and tactics
Law enforcement took down major ransomware groups like LockBit and BlackCat in 2024. However, this has led to the rise of smaller, more agile threat actors. These groups operate with alarming efficiency, reducing dwell time—the period between compromise and attack execution—from weeks to mere hours.
In Q2 2024, two of the top three ransomware groups had average dwell times under 24 hours, leaving organisations little time to detect and respond.
Australia’s experience with data breaches highlights this urgency. The Office of the Australian Information Commissioner reports that health, Australian government, and finance are among the top sectors for data breaches.
These aren’t just numbers – they represent real organisations facing real consequences.
The ransom payment trap
Some organisations see paying ransoms as a quick fix, but the reality is far riskier. Of those who paid, 69% were attacked again, effectively funding future criminal activity while painting a target on themselves.
The approach to incident response matters too. Companies with expert incident response teams were far less likely to pay ransoms – just 25%, compared to organisations handling incidents internally, which were 156% more likely to pay.
This reflects the difference between panic-driven reactions and well-prepared strategies.
Beyond backup: building true resilience
Traditional backup methods, while essential, are no longer enough to combat modern ransomware. The Veeam report found that 89% of organisations had their backup repositories targeted during attacks, with 34% on average being modified or deleted.
Relying on outdated backup strategies is like bringing water pistols to a gunfight.
Effective organisations embed resilience into daily operations through key practices:
- Immutable backups: Prevent attackers from altering recovery data. Only 32% of organisations use them, despite their reliability.
- Sandbox restoration protocols: Ensure data integrity by testing in a secure environment before returning to production. Yet, only 28% do this, while 39% restore directly to production – a risky gamble.
- Cross-team collaboration: Strong coordination between IT and security teams significantly improves outcomes, yet 52% of organisations need major improvements here.
Human expertise matters
Technology alone isn’t enough. Resilience also depends on human factors like clear chains of command, defined protocols for ransom decisions, and comprehensive training.
Only 30% of organisations have clear chains of command, and just 26% have formalised ransom payment decisions.
While 98% of organisations claimed to have playbooks, fewer than half included critical elements like backup verification or containment plans.
Having a plan isn’t enough – it has to be the right plan. And it should be in place before disaster strikes.
Making resilience your competitive advantage
Defending against ransomware can’t be an afterthought. Resilience must be a daily priority, built into your organisation’s operations. It’s about more than avoiding downtime or protecting data – it’s about maintaining trust in a world where cyber attacks can destroy customer confidence overnight.
True data resilience requires a mindset shift from reactive response to proactive defence. It demands investment in both technology and people, creating systems that assume compromise rather than hoping to prevent it.
The question isn’t whether your organisation will face a cyber attack – it’s whether you’ll be ready when it happens. In cybersecurity, as in most aspects of business, preparation separates the survivors from the statistics.
Written in partnership with









