The National Institute for Standards and Technologies defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. 

According to the Veeam Ransomware Trends 2024, APJ edition, leaders in the region are increasing their budgets for cyber prevention and detection by 6.3%, while spending on recovering technologies will rise by 6.2%. The figures are double the forecasted IT budget increase of 3.5%, according to Gartner.

As organisations in Asia up their cyber readiness postures, it may be critical to revisit some of the issues, challenges, opportunities and options, that organisations will need to address as they look to improve their cyber resilience.

Beni Sia, general manager and senior vice president for Asia Pacific and Japan at Veeam Software joins us on this edition of PodChats for FutureCISO.

1.       Whose job is cyber resilience? We often hear of breaches. In practice, who is held accountable for failure to achieve cyber resilience?

2.       Give us a state of cyber resilience of enterprises in Asia as of August 2024.

3.       Given the state of awareness around cyber threats (and presumably measures taken to mitigate these risks), where are the top three vulnerability points for most enterprises in Asia?

4.       How are enterprises addressing these vulnerabilities? Is this sufficient? 

5.       What can enterprises do better to further lower the cost/risks of attacks like ransomware? Conversely, what are they doing not too well thereby being less effective than on paper?

6.       How can we leverage emerging technologies without introducing new vulnerabilities?

7.       I am aware that cyber resilience, including data resilience, cannot be achieved solely through one’s efforts – that this is a collaborative effort by many, if not all. How can the CISO ensure that they are not introducing new vulnerabilities by engaging with others – 
 In the digital economy, businesses rely on external partners, parties, regulators, and security experts out there.

8.       Finally coming into 2025, what is your advice for CISOs, and other members of the C-suite and board, to ensure the effectiveness of their strategies, frameworks and practices not just against ransomware, but against all threats both internal and external?