Why cyber resilience is at the heart of business continuity in the AI age

Imagine this: millions of dollars lost. 2.45 terabytes of your company's most sensitive data exposed, over a full day lost to unplanned downtime. These are the harsh realities of the escalating costs associated with today's cyberattacks.

Data breaches are on the rise in Australia, and high-profile corporate examples from Aussie household names never seem far from the headlines. Data from the Office of the Australian Information Commissioner (OAIC) shows that businesses and government agencies reported more than 1,100 data breaches to the regulator in 2024. This represents the highest annual figure since 2018 when mandatory data breach notification requirements came into effect.

As digital revenues grow, the integrity, availability, and security of data are rapidly becoming paramount concerns for the C-Suite, especially as organisations race to adopt the latest technologies.

Malicious and criminal attacks have been the main source of reported breaches since the Australian Notifiable Data Breaches scheme began. Furthermore, with more than half of APAC organisations experiencing some form of ransomware attack from 2023 to 2024, a critical question looms large: Can we truly protect the very systems and data powering our future, and ensure business continuity when the inevitable attack hits? The answer, and your best defence, lies in doubling down on cyber resilience – enhancing the business's ability to anticipate, withstand, recover from, and adapt to cyber events.

Building robust data protection

In our increasingly complex digital world, securing data is the single most crucial action for ensuring business continuity. According to global data from IDC, insufficient air gapping and a lack of immutable backups were two of the top three reasons organisations paid a ransom during a ransomware attack.

Robust data protection is therefore non-negotiable and must encompass four key elements:

• The speed to protect significantly large datasets effectively.
• The ability to restore data quickly, often with built-in deduplication technology.
• Protection for modern workloads across on-premises, virtual, and multi-cloud environments.
• Solutions designed for peak performance, efficiency and scalable growth.
   

Examples of the requisite measures to boost cyber resilience include: enhancing cyber resiliency through further automating zero trust security features, including immutability, encryption, multi-factor authentication, and role-based access controls. These are critical, given the new risk vectors associated with AI adoption. These measures also provide efficient recovery options to protect against ransomware and cyber threats, significantly reducing recovery time.

The new reality: An era of constant cyber threats

Cyber resilience empowers organisations to strengthen their defences while maintaining the agility to recover when attacks inevitably occur. Encouragingly, APAC organisations are leading the way, with 59% already seeking external professional support as a first step towards greater cyber resilience.

Consider these key challenges shaping this new reality:

• The expanding attack surface: GenAI applications will create new avenues for cyberattacks, from data poisoning and privacy breaches to sophisticated social engineering. Data protection solutions must mitigate the consequences of compromised AI data.
• False sense of security: Alarmingly, nearly three-quarters of employees mistakenly believe their organisations can simply pay a ransom to recover all data and resume operations. This overconfidence is a dangerous vulnerability.
• Limited insurance coverage: While ransomware insurance is common, policies often come with restrictive clauses and limitations, leaving organisations financially vulnerable. Nearly half of APAC policies provide insufficient coverage to fully address the financial fallout of an attack.
• Complex tool ecosystem and public cloud dependency: Organisations grapple with a complex web of backup tools and solutions, often acknowledging the need for upgrades. This is compounded by a growing reliance on cloud service providers for data protection, despite lingering security concerns. Many are even considering moving workloads back on-premise due to these concerns, but lack the expertise to do so effectively.

Closing the gap: Protecting your AI investments

Cultivating true cyber resilience starts at the top: it must be a boardroom priority, treated with the same urgency as financial risks or competitive strategy. Executives must allocate sufficient resources, set clear timelines, and embed security and resilience at every level; this approach empowers every employee and ensures accountability for their role in maintaining cyber resilience.

Organisations like Dell Technologies support Zero Trust principles, acknowledging that cyber threats are pervasive and require security measures throughout their entire technology lifecycle. To achieve this, organisations can leverage key strategies that significantly improve recovery outcomes. For instance, a Forrester study highlights how Dell PowerProtect Cyber Recovery reduces downtime by 75% and recovery hours by 80%.

These strategies include:

• Reducing the attack surface: Safeguarding data integrity and confidentiality by creating 'locked' data copies to prohibit deletion or changes. This includes using robust security controls such as hardware root of trust, secure boot, encryption, retention lock, role-based access controls, and multi-factor authentication.
• Automated data isolation: Making infiltration harder for attackers by isolating components of the active production environment within a secure digital vault, ensuring that sensitive data is never directly exposed to potential threat actors.
• Rapid detection and response: Preparing for inevitable threats with AI-powered machine learning and full-content indexing to identify and neutralise intrusions quickly, minimising chances of data corruption.
• Effective recovery and remediation: Providing reliable data and recovery plans after an incident to rebound effectively, ensuring business continuity without compromise.
• Strategic solution planning and design: Engaging expert guidance to assess appropriate recovery time objectives (RTOs) and recovery point objectives (RPOs) to streamline the recovery process.

Conclusion

As our reliance on cloud services, hybrid environments, and generative AI deepens, protecting our digital world becomes increasingly complex. Especially with AI-readiness now a fundamental business expectation, CIOs must ensure their platforms can effectively leverage AI without compromising productivity. To truly thrive then, businesses must move beyond reactive security. The path forward is a proactive defence – embracing cyber resilience as a strategic imperative to ensure business continuity and confidently navigate any future challenges the AI age may bring.

Top image credit: iStock.com/narvo vexar