ITWeb, in partnership with Veeam, conducted a survey on just how prepared businesses in SA and Africa are to recover from a ransomware or cyber attack, as well as the resources they have at their disposal to help them recover.

A total of 208 valid responses were captured, with 64% of respondents being at executive or middle management level. Of these, 116 were from businesses with 200+ employees. In the survey findings, some of the results from the 200+ companies (57% of the respondent pool) were compared against the full respondent sample to get a view of how larger companies perceive their data resilience readiness.

The survey attracted a large response base from both public sector and IT, with 32% of the overall respondents from the IT sector, 18% from government and 15% from financial services.

Here are some of the key findings:

Interestingly, the majority of survey respondents rely on internal teams for information about cyber threats and attack techniques, with the top three sources being: insights shared by internal security and backup teams (65%); third-party threat intelligence services (52%); and security vendor briefings and reports (52%).

Showing a high level of confidence and proactivity, most respondent organisations (87%) conduct regular security assessments on their backup infrastructure to detect vulnerabilities and potential threats. Of those that don’t, 8% plan to start doing so.

Just over three-quarters (77%) of survey respondents use backup data as an additional layer of defence to scan for indicators of compromise, malware or other threats.

The biggest cause of business downtime was cited as power outages (38%), followed by hardware failure (24%) and cyber attacks (17%).

Assuming a worst-case scenario where all systems are affected, respondents were asked how long it would take their organisation to restore full operations. Almost half (49%) said they could restore in under 24 hours, while a third (35%) said between one and three days.

The majority of respondents (83%) were confident of their ability to recover from a ransomware attack. For 200+ businesses, this figure rose to 86%.

However, a Veeam 2025 Ransomware Trends and Proactive Strategies report found that while 69% of ransomware victims believed they were prepared, confidence dropped by over 20% after the attack, revealing critical gaps in ransomware readiness and planning.

The top three actions taken by respondent organisations to protect against ransomware are: regular data backups (83%); employee training on phishing and malware (75%); and implementing endpoint protection such as anti-ransomware tools (71%). The respondents from the 200+ companies ranked these in a slightly different order, with regular data backups (88%) followed by implementing endpoint protection (76%) and then conducting employee training (75%).

Respondents were asked what resources their organisation had in place for response and recovery in the event of a ransomware or cyber extortion incident. Sixty percent said they had an internal incident response team, 18% had an external incident response provider that was retained independently, 8% said they had no established resources and would seek assistance as and when needed, and 7% had an external incident response service provided through their cyber insurance policy. The only significant difference here was that 68% of 200+ companies had a dedicated internal response team.

Half of respondents (48%) had a cyber insurance policy that includes incident response and negotiation support, 14% have this as an optional add-on, and 13% said incident response and negotiation weren’t included as part of their cyber insurance policy.

Finally, almost half of respondent organisations (44%) said they have integrated AI either partially or fully into their data protection strategies. A third (33%) plan to deploy AI and the remainder have no plans to do so.

