We recently attended a Commvault event where the executive team took the stage to share some key announcements highlighting their growing role—not just in data protection, where they’ve made their name—but also in cyber resilience and recovery. Their focus is now on providing the best tools for the increasingly aggressive consumption of cloud services and applications, which many businesses rely on to run their services. The event was insightful and well-structured, offering a clear view of the challenges and opportunities ahead.

One of the most startling statistics shared was that by 2025, over 75% of businesses are expected to fall victim to cyberattacks. With that sobering figure in mind, the discussion moved toward the pitfalls that many organisations fall into—primarily the belief that throwing more tools at a problem is an adequate defence. Many businesses invest heavily in cybersecurity solutions but fail to test them properly, leaving significant gaps in their recovery plans. And without leadership setting clear recovery expectations, meeting business requirements becomes an uphill battle.

Darren Thomson, EMEAI Field CTO at Commvault, summed it up perfectly: when it comes to risk, we have three options—accept, transfer, or mitigate. In IT, we often find ourselves tasked with mitigation, but the key takeaway is that businesses must thoroughly test their incident response plans. This doesn’t mean just going through the motions with simple role plays—real, in-depth testing is essential.

We’ve all heard stories about untested backups that failed at a critical moment, leaving organisations scrambling. The stakes are even higher when it comes to cyber resilience. Making the same mistakes over and over again without learning from them is a recipe for disaster, especially when so much is on the line.

The main message from the event? Leadership buy-in is crucial, as is acknowledging the very real possibility of an attack. Build your teams, set up a comprehensive programme, and work closely with trusted partners. Most importantly—test your recovery plans rigorously. It’s the only way to ensure your organisation is truly prepared for what’s ahead.