As cyberthreats and disruptions grow, organisations must make data resilience a core component of their IT strategy to ensure business continuity and safeguard critical data.
With AI-driven systems, multi-cloud strategies, and edge computing dominating boardroom and industry conversations, it’s tempting to chase every emerging risk with equal urgency. However, when it comes to resilience, success doesn’t lie in doing everything; it comes from doing the right things.
Modern organisations face a complex threat landscape that is both unforgiving and unpredictable. Whether it’s ransomware, supply chain disruptions, or growing scrutiny around data sovereignty, trying to eliminate all risks is not only unrealistic but impossible. True resilience begins by acknowledging the hard truth that not everything can be solved or prevented.
Focusing on what matters most
Resilient organisations take a stepwise approach to risk. They don’t attempt to tackle every vulnerability at once. Instead, they prioritise based on impact and likelihood, ensuring that critical assets are protected and recovery strategies align with business continuity objectives.
This is especially important in Asia-Pacific and Japan (APJ), where attacks are rising in both volume and sophistication. The Cyber Security Agency (CSA) of Singapore’s recent alert on a new ransomware group, Dire Wolf, illustrates this. Through a double-extortion model, Dire Wolf not only encrypts and threatens to leak data but also disables backups and recovery features.
According to the Veeam 2025 Ransomware Trends Report, less than 40% of organisations in APJ include backup verifications as part of their ransomware response playbook. It is therefore no surprise that while 90% of ransomware victims believed they were prepared before an attack, confidence dropped by 17% afterwards.
According to CSA’s Singapore Cyber Landscape 2024/2025 report, DDoS attacks reached record levels last year, driven by powerful global botnets created using easily accessible generative AI tools. Asia accounted for 60% of the world’s most targeted locations, with Singapore ranking as the third-largest source of DDoS traffic. As a highly connected technology and data centre hub, Singapore’s position reflects high traffic volumes and demonstrates how threat actors exploit infrastructure in digitally advanced nations. This highlights the difficulty of stopping every attack and underscores the need to focus on the most crucial assets.
The takeaway: Resilience requires constant reassessment of what risks matter most.
Risk awareness as the foundation of resilience
Regardless of size or sector, organisations must incorporate risk assessments as a regular operational discipline, not a once-a-year compliance checkbox. This means continuously evaluating gaps in backup repositories, backup integrity, and recoverability.
Despite regulatory scrutiny increasing in APJ, many organisations remain unprepared. Nearly four in 10 believe they need a significant overhaul to fully align IT operations with cybersecurity teams.
Without strong foundations in data resilience, even the most advanced AI-driven defences can’t prevent reinfection or lateral movement after an incident.
To stay ahead, resilience planning must be adaptive. Risk evolves, and so should the controls placed around it. Whether it’s identifying ransomware dwell times (now often under 24 hours) or tracking changes in regulatory expectations, regular reassessment is critical.
Resilience without the overload
The underlying challenge persists: How do you strengthen resilience without overengineering solutions or overwhelming your teams?
Applying a data resilience framework provides a structured way forward. By identifying gaps in ownership, accountability, test frequency, recovery processes, and metrics, organisations can implement targeted solutions more effectively. With clear benchmarks, leaders can focus resources on the areas that matter most, rather than spreading efforts thin. This not only accelerates progress but also ensures that resilience investments deliver measurable business outcomes.
Resilience is not about perfection. It is confidence built through smart, deliberate choices. The principle is clear: Resilience is built by doing fewer things better, not everything all at once.
Progress, not perfection
The pursuit of resilience isn’t about eliminating all threats; it’s about knowing where to act and acting decisively. The most resilient organisations don’t aim for perfection. They aim for a level of resilience that provides confidence. They identify their greatest risks, allocate resources effectively, and build alignment around what matters most.
As we look ahead, the focus should shift from “How do we prevent everything?” to “How do we ensure what matters is protected, backed up, and recoverable?” Because in the face of disruption, resilience is less about prevention and more about ensuring that impact is minimised as much as possible.
