Resilience has become the ultimate stress test of business leadership. Every boardroom loves to speak about growth and transformation, yet the real measure of competence comes when systems fail or regulators demand answers.
“It is not if, but when an organisation gets attacked,” is the well-worn truism quoted by Andre Troskie, chief information security officer for Europe, Middle East and Africa for Veeam, which specialises in disaster recovery software.
Troskie speaks from long experience. His career began in IT security auditing in South Africa, followed by years of executive consulting across Europe. That history gives him perspective on the constant illusion of preparedness.
“All our surveys and all our research indicates that people overestimate their ability to respond in their worst day ever,” he says.
This is part of the reason Veeam created a data resilience maturity model. The framework gives companies an honest snapshot of their current state and maps a route toward greater resilience.
“We want to move from fear, uncertainty and doubt, to facts,” says Troskie.
The regulatory environment adds more pressure. Europe’s Digital Operational Resilience Act demands that companies test systems under realistic conditions.
“It is all about test, test, test,” says Troskie. “The way we used to check the validity of the controls within an organisation was we test whether the process existed, largely so it was kind of a tick-box exercise. Now the new resilience regulations are saying you have to demonstrate that they work.”
Compliance also means proving that recovery works during extreme stress. That requirement exposes a larger shift: resilience has moved from the technical basement to the corporate boardroom. Directors no longer sign off policies and move on.
“The board has to ask better questions, and they are now responsible and accountable for these new regulations,” says Troskie.
The challenge for executives is to convert that responsibility into competitive strength. Veeam, for its part, has recast its role from backup vendor to full resilience partner.
We want to provide an immutable backup store of your critical data, and then provide you the opportunity to bring that back as fast as possible
— Andre Troskie
“Five years ago you probably saw Veeam as a data backup and recovery organisation. We now look at helping organisations implement data portability as well.”
That means customers can shift workloads across hypervisors or hyperscale platforms, protecting investments while opening new opportunities. But data security remains central.
“We want to provide an immutable backup store of your critical data, and then provide you the opportunity to bring that back as fast as possible.”
Immutable backups stop ransomware from corrupting recovery points, ensuring that clean data is always available. Automation ensures speed. Troskie recalls earlier years when recovery exercises dragged on while teams searched for paper instructions.
Veeam’s orchestrator tools allow entire systems to recover automatically, without delay or confusion.
“This has to happen in milliseconds,” he says. “It’s really about just having that finger on the pulse of what’s happening within your organisation.”
Integration with broader security systems allows early warnings before ransomware spreads widely, giving defenders a chance to act.
Cloud adoption adds another dimension. Executives often assume providers such as Microsoft or Amazon will protect their data fully, but the reality is different.
“The organisation remains responsible for its data,” is the bottom line. In response, Veeam offers granular restore tools, making it possible to recover a single mailbox or Salesforce record without rebuilding entire environments.
The ransomware threat has also created new services that blend technology with human skill. For example, Veeam’s acquisition of Coveware gives companies access to negotiators with experience in cyberextortion.
“We have former hostage negotiators that will then engage with the bad guy to really understand, do they really have the data?” says Troskie. Such expertise brings clarity to moments of chaos, when leadership faces impossible decisions.
AI is both hope and hazard.
“We now move very quickly to a position of continuous, autonomous assurance and agentic AI that is going to be interacting with the business operations and the data.”
The real danger comes from excessive trust.
“We might be providing this agentic AI with excessive permissions, so we might have an identity, governance and administration problem heading our way.”
Troskie distils the message into a principle that every business leader can grasp. “Yes, we want to move fast and break things, but we need to make sure that we are as resilient as we possibly can be.”
• Goldstuck is CEO of World Wide Worx, editor-in-chief of Gadget.co.za, and author of The Hitchhiker’s Guide to AI — The African Edge.
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.