Blog & News | Dicker Data NZ

Mind The Gap: From Cybersecurity to Cyber Resilience

Written by Craig Sargent | 30/03/2026 10:51:05 PM

Cyber threats are evolving faster than ever, and so are the expectations placed on organisations when incidents occur. While traditional cybersecurity has focused on prevention, today’s reality demands a broader mindset, one that assumes disruption and prioritises the ability to recover and continue operating. This shift from cybersecurity to cyber resilience is no longer optional; it’s essential.

As Lao Tzu once said, “resisting change is like holding your breath; even if you are successful, it won’t end well.”

That sentiment has never been more relevant in cybersecurity. Organisations are undergoing a fundamental shift in how they approach cyber risk. The traditional defend-and-block mindset is being replaced by a new understanding: when you get hit, you need to be able to keep going.

This evolution toward cyber resilience is being driven by two major forces. First, regulatory governance is driving organisations toward a minimum viable company model - one where critical operations must remain functional even during a cyber incident. Second, the rapid weaponisation of artificial intelligence by threat actors is making breaches not just possible, but increasingly inevitable. 

 

The Double-Edged Sword of AI

Artificial intelligence - particularly agentic AI - is both a powerful enabler and a growing risk. On one hand, organisations are accelerating adoption. Budgets are increasing, and AI-driven tools are being embedded across cybersecurity, IT operations, and broader business functions. On the other hand, this rapid deployment often outpaces governance.

Many organisations do not conduct rigorous due diligence before deploying AI tools, lack visibility into whether these tools are compromised or underperforming, and struggle to validate compliance with governance and regulatory requirements. This creates a dangerous paradox: the very tools designed to improve efficiency and security may also introduce new vulnerabilities.

 

The Expectation vs Reality Gap

At the same time, there is a widening disconnect between business expectations and operational reality.

Line-of-business leaders increasingly expect faster recovery times, minimal disruption to operations, and a rapid return to “business as usual.” However, the data tells a different story. While expectations for quick recovery have risen and tolerance for extended outages has sharply declined, real-world time to recover is measured in weeks and months, not days or even hours.

This gap creates intense pressure during an incident. IT and security teams are expected to restore operations faster than ever, often within highly complex and fragmented environments. 

 

The Dangerous Temptation of Ransom Payments

Under this pressure, some organisations make a critical miscalculation: they choose to pay the ransom.

On the surface, it can seem like the fastest way to restore operations and “keep the lights on”. In practice, it is a high-risk strategy that frequently backfires. Threat actors often fail to provide working decryption keys, stolen data may still be leaked or sold, and organisations may be targeted again for additional ransom demands. Paying a ransom does not guarantee recovery and can often compound the problem.

 

Building for Resilience, Not Just Prevention

The takeaway is clear: prevention alone is no longer sufficient.

Organisations must design for resilience by assuming breach as a baseline scenario, prioritising rapid and reliable recovery capabilities, strengthening governance around emerging technologies like AI, and aligning business expectations with technical realities. Cyber resilience is not just about surviving an attack; it’s about continuing to operate through one.

 

How Commvault Can Help

This is where Commvault plays a critical role.

Commvault’s approach to cyber resilience is built around ensuring organisations can not only protect their data, but recover it rapidly, reliably, and at scale when it matters most. By combining intelligent data protection, automated recovery workflows, and advanced threat detection, Commvault helps organisations minimise downtime and maintain business continuity, even in the face of sophisticated attacks.

Just as importantly, it helps bridge the gap between business expectations and technical reality, giving leadership teams confidence that “keeping the lights on” is not just an aspiration, but an achievable outcome.

If you’re re‑evaluating how prepared your organisation is to withstand and recover from cyber incidents, now is the time to take the next step. Learn how a cyber resilience‑first approach can help protect your critical operations, reduce downtime, and keep your business running when it matters most.

👉 Talk to our Commvault BDM, Craig Sargent, about your Commvault cyber resilience strategy.