Global Insights: Veeam Executives Share Key Technology Trends for 2025

In 2025, leaders across industries will continue grappling with regulatory challenges, especially with the advent of the Digital Operational Resilience Act (DORA) for the finance sector. However, the most significant regulatory development will likely be the first substantial penalty under the NIS2 Directive. While national regulators are offering businesses time to comply, with some countries even extending deadlines, it’s expected that towards the end of next year, we will witness the first major fine for noncompliance. This mirrors the situation in 2019, when Google was hit with a significant fine a year after the General Data Protection Regulation (GDPR) came into effect.

National regulators are likely to issue these penalties to set a strong precedent and demonstrate their commitment to enforcing compliance. With rising geopolitical tensions, the EU will aim to bolster the resilience of Critical National Infrastructure (CNI) against cyber threats. Having established the regulations, they will want to show they are prepared to take decisive action against noncompliance.

Ransomware, a consistent issue for businesses, is predicted to evolve in 2025. While ransomware attacks have followed a relatively stable pattern, next year, we could see a shift. Attackers may use encryption as a diversion while launching more sophisticated attacks that focus on data integrity or stealing sensitive information. Rather than disrupting operations with encryption, we could see more attackers exfiltrate data and issue ransom demands post-theft. This approach is more difficult to detect and protect against, as it avoids the obvious disruption caused by encryption. After the data is stolen, attackers might encrypt it to delay detection, buying time to sell the stolen information.

What could pose an even more significant threat, however, is the injection of malicious code into otherwise healthy data sets, making them worthless. This is especially concerning as organizations become increasingly data-driven. Such an attack would be incredibly challenging to detect, highlighting the critical need for data resilience strategies that include multi-layered detection mechanisms to identify hidden breaches and prevent attacks from escalating.

As the demand for data storage and usage increases, the architecture of enterprise IT will continue to evolve. A key trend to watch is the rise of the Cloud Data Lakehouse. This new model combines the scalability of a data lake with the structured management capabilities of a data warehouse. It promises a unified approach to data management, catering to the analytical needs that modern enterprises now consider essential. The driving factors behind this shift will include cost-efficiency, scalability, and the need for compliance with evolving data regulations. Enterprises will increasingly focus on becoming data-centric, and terms like “Data Lakehouse” will become more prevalent.

In 2025, expect a significant increase in “Resilience Drills,” as organizations move beyond cybersecurity to embrace broader cyber resilience strategies. These drills, similar to fire drills, will test an organization’s ability to respond to and recover from cyber threats like ransomware. These exercises will involve IT and executive teams working together to ensure that recovery is both rapid and coordinated. As cyber threats become more sophisticated, these resilience drills will become a regular practice, helping organizations refine their data resilience strategies and ensure they remain effective.

The growing importance of sovereign clouds and data portability will also take center stage. Regulatory pressures and geopolitical factors will prompt enterprises to reconsider where their cloud data resides, with an increasing focus on ensuring that data remains within national or regional borders to meet compliance requirements. This will fuel demand for sovereign clouds — localized cloud environments designed to keep data within specific jurisdictions to reduce risks. Consequently, data portability across hybrid cloud environments will become a critical consideration. Enterprises will need to be mindful of the complexities of moving data between clouds and ensuring that both primary data and related data, such as backups or training data for large language models (LLMs), are securely stored and managed. While the cloud offers flexibility, it will require careful planning and strategy to ensure that enterprises can take full advantage of these options in a secure and compliant manner.