Year 2025 will see Ransomware-as-a-Distraction, The Rise of the Cloud Data Lakehouse and Resilience Drills take off as sovereign clouds and data portability come into existence.
These are the technological predictions from Veeam’s senior global and regional executives, who share their views on next year’s top technology trends in the Data Resilience space.
“It almost goes without saying that leaders will continue to wrestle with regulation in 2025, especially with the arrival of DORA for the finance sector. However, next year's biggest regulation story will be the first major NIS2 penalty. National regulators will give organisations time to become compliant – many countries have even extended their deadline – but expect to see the first big statement fine for noncompliance towards the end of next year.
“We saw this with Google in 2019, a year after the GDPR came into effect. National regulators will want to set a precedent and show they mean business. If geopolitical tensions continue on the same course next year, the EU will want to ensure Critical National Infrastructure is as resilient to cyber threats as possible. They’ve got the regulation in place, so they will want to show they’re not afraid to swing the hammer for noncompliance,” says Andre Troskie, EMEA Field CISO, Veeam.
Look out for Ransomware-as-a-Distraction in 2025
“Ransomware has been a consistent blight on businesses in recent years, but it has been fairly consistent at least. I believe this will change next year, with ransomware evolving beyond its current model. Expect to see more attacks using encryption as a distraction, while more sophisticated attacks target data integrity or siphon sensitive information. Ransomware incidents demand attention and resources, but this creates an opportunity for hidden threats to infiltrate deeper systems.
“Equally concerning, we could see more and more attackers skip the encryption phase altogether, simply stealing data through exfiltration and then sending a ransom demand. While this doesn’t disrupt operations in the same way, it is much harder to detect and protect against. Often after a successful theft, only then will attackers encrypt data, to serve as a distraction to buy them time to sell what they’ve stolen.
“Finally, what keeps me up at night is not the worry of data encryption or theft but of attackers injecting malicious code into a healthy data set to render it worthless all of a sudden. As organisations become increasingly data-driven, this could be dire, not least because it would be incredibly hard to detect. Data resilience must include multi-layered detection to identify concurrent threats and prevent hidden breaches,” says Edwin Weijdema, EMEA Field CTO, Veeam.
The rise of the Cloud Data Lakehouse
“As demand for storing and utilising data grows, enterprise IT architecture will continue to evolve. Specifically, I expect the Cloud Data Lakehouse to become a popular choice next year - combining the scalability of a data lake with the more structured data management capabilities of a data warehouse. It addresses the demand for a unified data management approach while delivering the analytic capabilities that are gradually becoming non-negotiable for the modern enterprise.
“As with most trends in the cloud space, cost and scalability are going to be key drivers. However, the pressure to be AI/ML-ready and compliant with evolving data regulations will be what moves the needle. By hook or by crook, enterprises will be working towards being more data-centric in 2025, so expect to hear the term Data Lakehouse more and more next year,” says Michael Cade, Global Field CTO Cloud Strategy, Veeam.
"Resilience Drills" will take off in 2025
“I think most organisations have moved on from just looking at their cybersecurity and now have broadened their scope to the wider concern of cyber resilience. Because of this, expect to see much more attention given to “Resilience Drills" next year. It’s not enough to just test your security. You must test how your organisation responds and recovers “right of bang”
“Much like fire drills, resilience drills will become a more regular practice next year, simulating ransomware and cyber threat scenarios to test and refine an organisation’s data resilience measures. These exercises will involve both IT and executive teams to ensure rapid, coordinated response and seamless recovery. As threats grow more sophisticated, resilience drills will be essential for keeping data resilience strategies agile and effective,” says Mena Migally, Regional VP - EMEA East, Veeam.
The rise of sovereign clouds and data portability
“Evolving regulatory requirements and geopolitical pressures will force enterprises to re-think where their cloud data really ‘sits’. Expect an increased focus on data residency, ensuring data stays within specific national or regional borders. As part of this shift, we’ll see more demand for sovereign clouds – localised cloud environments that keep data within specific jurisdictions to support compliance and mitigate risk.
“This, in turn, will highlight the need for data portability across hybrid environments. Enterprises might find out too late in the game that moving data between clouds isn’t easy. They’ll also need to consider ‘related’ data like backups or Large Language Model (LLM) training data, where those are being kept, and what risk is present. It's a familiar story- the cloud gives businesses more options and flexibility, but taking advantage of these securely and sustainably will require some joined-up thinking,” says Mohamad Rizk, Senior Regional Sales Director - Middle East & CIS, Veeam.--TradeArabia News Service