Signpost: Get ready for resilience

Resilience has become the ultimate stress test of business leadership. Every boardroom loves to speak about growth and transformation, yet the real measure of competence comes when systems fail or regulators demand answers.

“It is not if, but when an organisation gets attacked,” is the well-worn truism quoted by Andre Troskie, field CISO (chief information security officer) for Veeam in Europe, the Middle East and Africa

Troskie speaks from long experience. His career began in IT security auditing in South Africa, followed by years of executive consulting across Europe. That history gives him perspective on the constant illusion of preparedness.

“All our surveys and all our research indicates that people overestimate their ability to respond in their worst day ever,” he says.

This is part of the motivation for disaster recovery software company Veeam creating a Data Resilience Maturity Model. The framework gives companies an honest snapshot of their current state and maps a route toward greater resilience.

“We want to move from fear, uncertainty and doubt, to facts,” says Troskie.

The regulatory environment adds more pressure. Europe’s Digital Operational Resilience Act demands that companies test systems under realistic conditions.

“It is all about test, test, test,” says Troskie. “The way we used to check the validity of the controls within an organisation was we test whether the process existed, largely so it was kind of a tick box exercise. Now the new resilience regulations are saying you have to demonstrate that they work.”

Compliance also means proving that recovery works during extreme stress.

That requirement exposes a larger shift: resilience has moved from the technical basement to the corporate boardroom. Directors no longer sign off policies and move on.

“The board has to ask better questions, and they are now responsible and accountable for these new regulations,” says Troskie.

The challenge for executives is to convert that responsibility into competitive strength. Veeam, for its part, has recast its role from backup vendor into full resilience partner.

“Five years ago you probably saw Veeam as a data backup and recovery organisation. We now look at helping organisations implement data portability as well”.

That means customers can shift workloads across hypervisors or hyperscale platforms, protecting investments while opening new opportunities. But data security remains central.

“We want to provide an immutable backup store of your critical data, and then provide you the opportunity to bring that back as fast as possible”.

Immutable backups stop ransomware from corrupting recovery points, ensuring that clean data is always available. Automation ensures speed. Troskie recalls earlier years when recovery exercises dragged on while teams searched for paper instructions.

Veeam’s orchestrator tools allow entire systems to recover automatically, without delay or confusion.

“This has to happen in milliseconds,” he says. “It’s really about just having that finger on the pulse of what’s happening within your organisation”.

Integration with broader security systems allows early warnings before ransomware spreads widely, giving defenders a chance to act.

Cloud adoption adds another dimension. Executives often assume providers such as Microsoft or Amazon will protect their data fully, but the reality is different.

“The organisation remains responsible for their data,” is the bottom line. In response, Veeam offers granular restore tools, making it possible to recover a single mailbox or Salesforce record without rebuilding entire environments.

The ransomware threat has also created new services that blend technology with human skill. For example, Veeam’s acquisition of CoveWare gives companies access to negotiators with experience in cyber extortion.

 “We have former hostage negotiators that will then engage with the bad guy to really understand, do they really have the data?” says Troskie. Such expertise brings clarity to moments of chaos, when leadership faces impossible decisions.

Artificial intelligence brings both hope and hazard.

“We now move very quickly to a position of continuous, autonomous assurance and agentic AI that is going to be interacting with the business operations and the data”.

The real danger comes from excessive trust.

“We might be providing these agentic AI with excessive permissions, so we might have an identity, governance and administration problem heading our way”.

Troskie distils the message into a principle that every business leader can grasp. “Yes, we want to move fast to break things, but we need to make sure that we are as resilient as we possibly can be”.

* Arthur Goldstuck is CEO of World Wide Worx, editor-in-chief of Gadget.co.za, and author of “The Hitchhiker’s Guide to AI – The African Edge”.