Combatting Cyberthreats with Agility and Flexibility

Traditionally, the C-suite has left data resilience and cybersecurity to the experts on their IT and security teams without much executive oversight, and that approach made the most sense for a long time. However, as organizations’ operations have become increasingly dependent on technology and exposed to cyberattacks, it’s time for the C-suite to get more involved. In this issue, we’ll talk about how to adapt, and how remaining agile and flexible with your cyber and data resilience strategy will be key for organizations going forward.

🏊 Sink or Swim

With cyberattacks mounting and regulatory compliance getting more stringent and widespread, executives must start preparing organizations for potential cyber incidents. This month, Rick Vanover wrote an article that goes through the proactive steps needed to strengthen your defenses and ensure compliance ahead of time. This is especially critical, since regulations in many countries include leadership positions in those who should be held accountable when cyberattacks and breaches happen.

Part of preparing for this is putting secure by design and zero-trust measures like multi-factor authentication (MFA), assume breach, strong access controls, and a robust data resilience platform solution in place to prevent and mitigate risk wherever possible. It’s also important to make sure that organizations are prepared for cyberattacks when they happen, and a big part of this is ensuring IT, security, and executive team members work together to regularly test their solutions, incident response plans, and procedures.

🛡️ Prioritize Resilience

To make the testing process as effective as possible, it’s important for executive, IT, and security teams to sit down and evaluate your organization’s current readiness when it comes to data protection. To make this process a little easier, Veeam, Dr. George Westerman from MIT, and McKinsey & Company collaborated to create a new Data Resilience Maturity Model (DRMM) to help companies evaluate their own data resilience strategy and give executives and board members an easy way to assess their situation. This includes a roadmap to improve risk mitigation and disaster recovery (DR).

One major insight from this report is that performance gaps are very real, and that the majority of organizations are experiencing these gaps on some level. Executives and boards of directors need to prioritize data resilience now, since these gaps represent significant risk to continuity, revenue, and organizational reputation. The DRMM outlines four major data resilience “horizons”: Basic, intermediate, advanced, and best-in-class readiness. Assessing your organization against these horizons makes it easier to create improvement timelines and help take your organization to the next level. Our CEO, Anand Eswaran , shared some insights with the Wall Street Journal around this exact topic, going into more detail about the current risk landscape, and what organizations can do to improve their data resilience.

🤔 Ask the Right Questions

Being truly agile and flexible means making sure the people behind your organization are resilient too. It's important to check in and make sure chains of command are established between executive, IT, and security professionals to drive informed decision making, especially during cyberattacks. These critical questions include asking yourself questions surrounding accountability, oversight, asset protection, workforce readiness, and more.

Critical cyber recovery questions for the board:

• Accountability and oversight: Who owns cyber risk and recovery at the executive level?
• Asset protection: Are the organization’s critical assets known, mapped, categorized based on value/cost of downtime, and assigned to clear owners?
• Threat awareness: What are the top cyberthreats, and how prepared are we to mitigate them?
• Regulatory compliance: Are we meeting all security incident reporting and compliance obligations?
• Incident response and testing: How often are recovery plans tested, and does testing include both disaster and cyber recovery? What are the latest results?
• Workforce readiness: How are employees trained to identify and report cyber incidents?
• Technology investments: How is the organization leveraging automation and AI for cyber resilience?
• Decentralized cyber decisions: How are cybersecurity decisions managed as more tech choices shift outside central IT?

📰 Veeam News

Want to dive deeper? Good news! We’ve got a ton of new content, including:

• IDC #1 Market Share: We’re very happy to celebrate our continued leadership in Market Share in Data Protection Software in the IDC Worldwide Semiannual Software Tracker for 2024.  To all our customers, partners, and users, thank you for your support. Together, we’re not just defending ground; we’re reclaiming it.
• Industry Insights: Join host Leah Troscianecki and Aaron Murphy as they explore the challenges many enterprises face during disruptions. Be sure to check out our latest episode for actionable steps that can transform your organization’s approach to effectively preparing for the unexpected. Plus, hear from guest speakers Demetrius M. , senior product manager of Azure Storage at Microsoft , and Michal Goldshtein , director of security and research at Palo Alto Networks , as they share their own insights into this topic.
• Upcoming Webinar: On June 3, join Leah Troscianecki and Courtney Elder for an insightful webinar where industry experts will delve into the importance of risk management, risk transference, regulatory compliance, and how they all come together to protect infrastructures and supply chains. If you’re not able to make it live, no worries! Slides and recordings will be sent out to all registrants after the webinar.
• Infosecurity Europe 2025: Ready to boost your cybersecurity strategy? Be sure to stop by Veeam Booth #B88 at Infosecurity Europe 2025 from June 3 - 5 in London to connect with our experts, receive a personalized demo, and test your security skills with an interactive game!

We hope these insights are helpful as you strengthen your own data resilience strategies and encourage closer collaboration between your executive, IT, and security teams. Stay tuned for more updates, industry news, and best practices in our next edition!