In the Asia-Pacific (APJ) region, cybersecurity leaders are navigating a complex environment marked by rapid digital transformation, intensifying cyber threats, evolving regulations, and the transformative potential of artificial intelligence (AI) and machine learning.
Amid geo-economic uncertainties and aggressive market expansion, CISOs must position cybersecurity as a strategic enabler rather than a mere cost. In an exclusive with FutureCISO, David Allott, field chief information security officer for APJ at Veeam, shares practical insights that underscore resilience as a core driver of business success.
Aligning security with business growth
Allott emphasises that cybersecurity must directly support core business objectives such as revenue growth and market expansion. “An effective cybersecurity strategy directly supports business goals such as revenue growth and market expansion by building operational resilience and trust,” he explains.
By aligning security controls with strategic priorities—such as new market entry, digital transformation, and regulatory compliance—organisations can protect critical assets, maintain effective incident response, and boost stakeholder confidence.
He notes that the most resilient organisations foster cross-functional crisis management across IT, security, legal, risk, and communications teams, with at least 70% of IT staff fully trained and response-ready. This integration allows businesses to pursue innovation and growth confidently.
Ransomware: The persistent high-impact threat
Cyber extortion, particularly ransomware, continues to dominate the threat landscape.
“Cyber extortion – including ransomware – remains one of the most significant threats businesses face today, and can rapidly translate into financial loss, operational downtime, regulatory penalties, and reputational damage,” Allott asserts.
Veeam’s latest Coveware research reveals that attacks exploit identity, trust, and access vulnerabilities, often compounded by configuration debt. In APJ, where aggressive ransomware campaigns target critical sectors, Allott advocates for resilience maturity models that map threats to business impacts. Prioritising rapid recovery capabilities helps mitigate financial and reputational consequences.
Enterprise-wide ownership: Building a true security culture
Security is no longer confined to IT—it demands shared responsibility across the organisation. “Cybersecurity is an enterprise-wide responsibility, not just an IT concern,” Allott states.
CISOs must drive a culture where every business unit, from HR to the Board, owns its role in protecting data and assets. This involves building awareness, defining accountability, and engaging stakeholders in incident response planning and scenario workshops.
He highlights a critical gap: “Our research shows 20% of CIOs stating their organisation having not performed a business impact analysis (BIA) within the last five years.”
By reframing “security awareness” as “security culture,” organisations can embed organisation-wide commitment to resilience.
Strengthening defences: Protecting the backup layer
Modern attacks increasingly target backup environments. Allott’s intelligence is sobering: “90% of organisations this year reporting attacks against backup environments, with 66% indicating their backups were compromised.”
Effective protection demands zero-trust principles, immutable, air-gapped, and encrypted backups, alongside layered defences. Integration with SIEM and XDR platforms enables automated responses and forensic data capture.
Aligning with frameworks like NIST CSF and incorporating robust backup, disaster recovery, and incident response capabilities reduces exposure and accelerates clean recovery.
Measuring success: Quantifying risk reduction
Evaluating cybersecurity investments requires clear metrics. Allott recommends tracking reduced incident frequency, shorter recovery times (RTO/RPO), verified clean backups, and stakeholder feedback.
Regular cross-functional tabletop exercises, playbook reviews, and benchmarking against industry standards provide tangible insights. Tools like Veeam’s Data Resilience Maturity Model help organisations measure progress across strategy, people, process, and technology domains. Embedding these efforts in broader GRC programmes ensures prioritised, measurable risk mitigation.
Unlocking ROI: Resilience as a competitive advantage
Cybersecurity investments deliver clear returns through resilience, compliance, and innovation enablement. Insights from over 500 global organisations using Veeam’s Data Resilience Maturity Model show that only 8% achieve best-in-class maturity.
These leaders recover seven times faster and experience four times less data loss. “Understanding your maturity rating provides a view of not just where you are, but where you can go,” Allott notes, with each advancement unlocking higher performance, lower costs, and stronger customer trust.
These insights resonate with broader industry trends. Gartnerhighlights strong security market growth in APJ, driven by AI and cloud adoption, while McKinsey positions cybersecurity as a board-level driver of competitive advantage.
In a region facing intensifying data privacy and AI governance regulations alongside persistent ransomware threats, Allott’s focus on strategic alignment, shared responsibility, and maturity benchmarking offers a practical roadmap for APJ CISOs to navigate uncertainty and drive sustainable growth.
