Veeam report reveals rising data recovery success—but critical infrastructure gaps persist
A new analysis from Veeam reveals a paradox at the heart of EMEA’s ransomware response: while fewer organisations are paying ransoms, most remain dangerously unprepared for full-scale cyber crises. According to Veeam’s 2025 Ransomware Trends Report, ransom payments dropped 22% year-on-year, yet 63% of organisations still lack alternative infrastructure plans—leaving them unable to recover from site-wide attacks.
The shift reflects growing skepticism about the reliability of attackers. In 2024, only 32% of EMEA organisations that paid ransoms successfully recovered their data, down from 54% the previous year. Meanwhile, the number of organisations recovering data without paying doubled—from 14% in 2023 to 30% in 2024.
“Payments may drop, but it doesn’t mean attacks will.”
— Tim Pfaelzer, SVP & GM EMEA, Veeam
“Attackers remain an untrustworthy method of recovering data,” said Tim Pfaelzer, SVP & General Manager EMEA at Veeam. “We’re seeing some abandon encryption altogether, opting instead to steal data for extortion or sale. For others, disruption—not profit—is the goal.”
Despite regulatory momentum from frameworks like NIS2 and DORA, Veeam’s findings show that resilience gaps persist. Without alternative infrastructure, organisations face weeks of downtime after an attack—an operational and reputational disaster. With outages costing up to £1 million per hour, the stakes are high.
“It’s clear that recovery is now central to resilience strategies,” Pfaelzer added. “But regulation alone isn’t enough. Organisations must go further—implementing robust backups and alternative infrastructure to eliminate the need for ransom payments altogether.”
The report also highlights the impact of law enforcement crackdowns, such as the takedown of Lockbit, in disrupting ransomware networks. Yet Veeam warns that without proactive resilience measures, organisations risk being caught flat-footed when the next attack strikes.
As ransomware tactics evolve, EMEA’s path to true resilience demands more than reactive defense. It requires infrastructure, foresight, and a refusal to negotiate with cybercriminals.