
Prioritising resilience: The key to surviving modern IT disruptions


India is undergoing one of the fastest digital transformations globally, fueled by cloud-first strategies, rapid AI adoption, Unified Payments Interface (UPI)-led financial innovation, and government initiatives like Digital India and Open Network for Digital Commerce (ONDC).
However, this rapid growth also brings unprecedented exposure to cyber threats and operational disruptions. For enterprises across BFSI, IT services, healthcare, and manufacturing, data resilience can no longer remain an IT checklist item; it must be elevated to a boardroom priority.
The cyber risk landscape in India is uniquely complex. In 2024 alone, the country faced more than 370 million malware attacks, ranking among the most targeted nations worldwide. Sectors like BFSI (17.4%) and healthcare (21.8%), which are cornerstones of India’s digital economy, remain the most vulnerable. The stakes are rising sharply, with the average cost of a data breach in India reaching a record ₹220 million in 2025, up 13% from the previous year.
Regulatory expectations are adding further pressure. The Digital Personal Data Protection Act (2023) and CERT-In’s mandatory breach reporting requirements demand stronger governance and faster incident response. Beyond financial penalties, non-compliance can erode trust in a market where data is central to growth. For India’s outsourcing-driven IT services industry, even a single breach can send shockwaves across global client networks.
In this hyper-connected environment, enterprises often treat all risks as equally critical. Yet true resilience doesn’t come from trying to do everything; it comes from focusing on the right priorities. Ransomware, supply chain vulnerabilities, and growing scrutiny around data sovereignty highlight an unforgiving and unpredictable threat landscape.
Attempting to eliminate every risk is unrealistic. Real resilience begins with acknowledging this reality and making deliberate choices about which risks to address first.
Unique risk landscape in India
India’s digital economy is unlike any other. With a mix of state-driven digital public infrastructure (like Aadhaar, UPI, and ONDC), a thriving startup ecosystem, and massive global outsourcing operations, disruption in one node can have ripple effects across millions of users and even international markets.
BFSI: The backbone of India’s financial inclusion story, but also a prime target for ransomware and phishing attacks.
Healthcare: Digitisation of patient records is accelerating, but cybersecurity investments lag behind, making sensitive data highly vulnerable.
IT Services: India’s role as the “back office of the world” means breaches here can undermine global supply chains and client trust.
On top of this, new regulatory expectations, like the Digital Personal Data Protection Act (2023) and CERT-In’s 6-hour breach reporting mandate, are raising the stakes. Non-compliance can erode not just financial stability but also public trust in India’s digital growth story.
Focusing on what matters most
Resilient organisations take a stepwise approach to risk. They don’t attempt to tackle every vulnerability at once. Instead, they prioritise based on impact and likelihood, ensuring that critical assets are protected, and recovery strategies align with business continuity objectives.
Resiliency continues to be a critical objective for Indian organisations, and the focus is more urgent than ever as cyberattacks rise in both volume and sophistication.
Veeam’s Strategies to Counter Ransomware Threats in India 2025 report reveals that 90% of organisations experienced attempts by attackers to compromise their backups, with 66% confirming successful breaches and an average of 34% of repositories being altered or deleted. While 69% believed they were well-prepared before an attack, confidence levels dropped to 55% after facing one.
This sharp gap between perceived and actual resilience is a wake-up call: even well-prepared organisations must continuously reassess which risks truly matter, adapt their recovery strategies to them, and act accordingly.
Resilience starts with a robust risk assessment
Every organisation, regardless of size or sector, must incorporate risk assessments as a regular operational discipline, not just a once-a-year compliance checkbox. This means continuously evaluating gaps in backup repositories, backup integrity, and recoverability.
In India, rapid digital adoption across BFSI, IT services, and healthcare has significantly increased cyber risk. Regulations like the Digital Personal Data Protection Act (2023) and CERT-In breach reporting make strong risk assessments essential. Yet many organisations continue to operate in silos, and even the most advanced AI defences can’t fully prevent data loss or disruption.
What differentiates resilient organisations is their ability to adapt. Cyber risks are not static; they evolve as fast as the technologies that drive them. Today, ransomware dwell times have dropped to less than 24 hours, giving enterprises a dramatically smaller response window. At the same time, compliance requirements are becoming stricter, and boardrooms are demanding clearer proof of resilience.
Organisations that embed dynamic reassessment into their operations, constantly aligning people, processes, and technologies, will be best positioned to withstand disruption and recover with confidence.
Universality of resilience principles
No matter the industry or region, the underlying challenge is the same: how do you strengthen resilience without overengineering solutions or overwhelming your teams?
At Veeam, we’ve seen that organisations that take a focused, strategic approach achieve more meaningful outcomes. For example, those that partnered with third-party experts like Coveware by Veeam during incident response were 156% less likely to pay a ransom, and even when they did, they paid 45% less than the median. These are not just financial wins; they reflect operational maturity and preparedness.
Resilience is not about perfection. It’s confidence built through smart, deliberate choices. Whether in Bengaluru, Mumbai, Singapore, or Munich, the principle holds: true resilience comes from doing fewer things exceptionally well, rather than trying to do everything at once.
With rapid digital adoption, increasing cloud deployments, and stricter regulatory requirements, organisations must focus on prioritising critical assets, validating backups, and aligning IT and cybersecurity teams. These deliberate choices help build a resilient foundation capable of withstanding both expected and unforeseen disruptions.
Making smarter choices with limited resources
As IT leaders face tightening budgets and rising expectations, they must be ruthless about prioritisation. According to joint research conducted by Veeam and McKinsey, 74% of organisations globally fall short of best practices in data resilience, and nearly a third of CIOs overestimate their maturity. The organisations that do it well? They recover from outages up to seven times faster and experience one-third as much downtime.
For Indian organisations, the stakes are higher than ever. The average cost of a data breach reached Rs. 220 million (Rs. 22 crore) in 2025, a significant 13% increase over the previous year – a national record high. Phishing, third-party vendor compromise, and vulnerability exploitation remain the most common causes, but the time to detect and contain breaches is improving, now averaging 263 days.
Progress, not perfection
As India’s digital economy accelerates, the question has shifted. It’s no longer: “How do we prevent everything?” Instead, it’s: “How do we ensure what matters most is protected, backed up, and recoverable?”
True resilience is not about eliminating every threat; it’s about knowing where to act and acting decisively. The most resilient organisations don’t chase perfection. They focus on building confidence: identifying their greatest risks, allocating resources effectively, and aligning their teams around what matters most.
Resilience, ultimately, is not perfection; it’s confidence. Confidence that operations will continue despite disruption, that customer trust will endure, and that India’s digital economy can keep advancing without being derailed by crises.

Sandeep Bhambure
Sandeep Bhambure is Vice President and Managing Director, India & SAARC at Veeam Software.

Rick Vanover
Rick Vanover is Vice President, Product Strategy at Veeam.