IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Resilience over prevention as AI reshapes security landscape

Resilience over prevention as AI reshapes security landscape

Fri, 17th Jul 2026 (Today)
David Shilovsky
DAVID SHILOVSKY Interview Editor

Organisations across ANZ are reassessing how they prepare for ransomware attacks, as AI dramatically increases both the speed and sophistication of cyber threats, prompting a greater focus on resilience over prevention.

Businesses are increasingly recognising that 100 per cent prevention of every cyber attack is unrealistic, making the ability to recover quickly and safely a strategic priority. 

Throwing money at perceived complete protection is no longer a practical tactic, putting more focus on response strategies, according to Director of Sales Engineering APJ at Cohesity, Brett Chase.

"We've historically had a pretty hardcore mindset of trying to keep the breach out," Chase said.

"But for a number of reasons - zero-day attacks, human error and other factors - organisations are realising you can't simply spend your way to prevention. The attacks will always find a way through. The question is how prepared you are when that happens."

The shift is changing how organisations allocate cybersecurity budgets. Now, businesses that previously devoted almost all of their security spending to preventative controls are investing more in recovery capabilities.

Where companies used to spend 95 per cent of their budget on prevention and five per cent on resilience, the ratio would now be closer to 85 per cent to 15 per cent for plenty of businesses.

Response time conflict

Cohesity is strong in the position that organisations also need clearer expectations around what a successful recovery from a major breach or cyber incident looks like.

There is typically an inherent conflict between executives trying to mitigate downtime as much as possible, and the constraints cybersecurity staffers are working within.

Cohesity is calling for broader industry agreement on recovery benchmarks that define how quickly organisations should return to operation, while ensuring compromised systems are restored in a trusted and secure state.

"What executives expect from their organisation and what cybersecurity teams can actually provide, sometimes, are quite misaligned," Chase said.

"Leadership wants systems back online as quickly as possible, but there is always a balance between rapid recovery and ensuring that recovery is trusted, secure and clean."

AI is further complicating that challenge.

While organisations are deploying automation to strengthen their own cyber defences, attackers are utilising the same tools to identify vulnerabilities and accelerate attacks, creating a quickly evolving arms race.

Many column inches have been allocated to the AI revolution, but Chase believes that there could be even more coverage.

"If anything, (the impact of) AI is probably underhyped," he said.

"As resilience providers, we're using AI to minimise business impact, but attackers are also using it to become much quicker at identifying and exploiting vulnerabilities."

The sophistication of attacks has changed significantly in recent years.

In the last 18 months alone, the types and maturity of cyberattacks have increased at an alarming rate.

Resilience vs recovery plans

There remains a significant gap between organisations that have developed comprehensive cyber resilience strategies and those still relying primarily on traditional disaster recovery plans.

Cohesity has developed a five-step cyber resilience framework encouraging organisations to identify and protect all data assets, locate clean recovery copies, conduct proactive threat hunting, regularly test cyber response plans and gain a deeper understanding of their data environments.

Organisations that regularly test these capabilities are significantly better positioned to minimise operational disruption following an attack.

Threat of shadow AI looms 

The rapid internal adoption of generative AI with businesses is also creating new risks beyond external cyber attacks.

Companies are becoming increasingly concerned about employees inadvertently exposing sensitive information through shadow AI.

"This is such a fast-evolving space," Chase said.

"You've got to be taking extra security measures in how your staff access and bring together the combination of their data, the company's data, and AI tools. 

"Because once it's out in the open AI landscape, (internal data) is gone forever."

Employees may upload sensitive company information into AI tools with good intentions, such as building models or analysing data, without fully understanding the long-term implications.

It has become problematic across an array of industries, with reports of sensitive data in healthcare, government, and even defence being uploaded to public AI models for basically anyone to access at any time.

As a result, companies should be placing greater emphasis on data governance and employee education to ensure AI is adopted securely.

Beyond cyber resilience, AI is driving growing interest in data security posture management, with businesses seeking greater visibility into the location, sensitivity and protection status of their information.

Understanding data assets is becoming essential not only for cybersecurity but also for preparing organisations to deploy AI effectively.

Identity security is also emerging as a major priority.

Cyber attacks often begin with compromised identities, before progressing to broader data breaches, making identity resilience an increasingly important component of companies' security strategies alongside protecting data itself.

With ransomware continuing to evolve and AI reshaping both offensive and defensive capabilities, organisations need to assume breaches will occur and focus on ensuring they can recover quickly, securely and with confidence.