Dynamic Resilience — Executive Leadership in Turbulent Times

In the face of intensifying geopolitical instability and rapid technological change, CIOs and CISOs are being called upon to lead the charge in organisational resilience. As one Gartner Middle East CIO Community member observed, “Resilience looks different depending on the location, region, and geography, but the need to keep moving forward is universal, especially when it feels like the world is shifting beneath us.”

Gartner’s Middle East CIO and CISO Communities recently convened for a Town Hall focused on crisis management and resilience. This virtual event brought together executives from a wide range of industries and geographies, each sharing practical strategies for navigating uncertainty and building adaptable organisations.

The session was moderated by Mounir Abdel-moujoud, Executive Director - Group Technology (CTIO) at Aldar. Discussion leaders included Anoop Paudval, Head of Information Security and GRC at Gulf News; Shafiullah Ismail, Senior Vice President & Head of Information Security and Risk at Mubadala Capital; Mohammed Alshobani, CIO at AVILEASE; Iyad Atieh, CISO at Alghanim Industries; Taha Tkito, Group CIO at TAMER Group; Mohamed Banin, Senior Global IT Director/CIO at Rakuten; Amin Al Jaber, CIO at Nesma & Partners; and Abdullah Al-Barwani, General Manager, Cybersecurity at Omantel.

Each discussion leader facilitated a small group of executives in exploring three central topics: aligning cross-functional teams and demonstrating visible leadership during turbulent times; overcoming procurement roadblocks and sustaining transformation with limited IT resources; and rethinking cloud strategies to balance data sovereignty, resilience, and regulatory requirements. This format enabled participants to engage in candid, in-depth conversations, share practical experiences, and learn directly from their peers facing similar challenges.

Here are six key takeaways from their discussions:

1. Resilience Is a Cross-Functional Business Imperative, Not Just IT’s Responsibility

There was clear consensus among executives that building a resilient organisation demands cross-functional participation and well-defined accountability. While technology and security leaders are often at the forefront – frequently establishing and leading crisis management teams – many participants emphasised that resilience can no longer be viewed as the exclusive domain of IT. Instead, organisational resilience requires active engagement and ownership from all business units.

As one CIO observed, “Ownership of resiliency is beyond IT. A bigger part of the journey should be owned by the business, while IT owns the digital journey.” Another executive highlighted the importance of ongoing collaboration among leadership teams – including the CFO and COO – who meet multiple times daily during a crisis to prioritise actions and stabilise operations.

1. Strategic Vendor Partnerships and Multi-Vendor Approaches Are Essential

Executives agreed that cultivating strategic partnerships with vendors is fundamental to building and sustaining organisational resilience, particularly during times of crisis when external support becomes critical. As one executive explained, “Partnership with vendors is key over here,” while another emphasised, “They are partners, not vendors.” 

Many executives cautioned against the risks of over-reliance on a single provider, advocating for a multi-vendor strategy to ensure both continuity and flexibility. “Do not rely on one vendor. We use different vendors so if one goes down we can come back up sooner,” noted one leader. The prevailing sentiment was succinctly captured: “We should not put our eggs in the same basket.”

1. Procurement and Resource Constraints Remain a Key Challenge

Ongoing supply chain disruptions continue to present significant challenges for CIOs and CISOs in the Middle East Community. As one leader observed, “Many organisations prioritise resilience, but procurement cycles, budget constraints, and vendor dependencies can slow progress.”

Recent supply chain issues have further exacerbated resource shortages, especially in hardware delivery. “The biggest issue has been the hardware delivery – from cost and delivery. We were very short on hardware from vendors, so we tried to see what’s in our inventory and move things around,” one executive shared. These constraints have prompted organisations to become more creative and agile, often reallocating resources and exploring cloud options to ensure continuity of key business processes.

1. Hybrid and Multi-Tier Cloud Strategies Are Critical for True Resilience

Executives reached strong consensus that hybrid and multi-tier cloud strategies are now essential for resilient IT architectures. Approaches that incorporate backups across multiple regions – where regulations permit – are increasingly regarded as best practice. One executive shared, “If something happened here, we could switch to our redundant data centers to maintain core operations,” referencing their emergency data center in Frankfurt for critical data. Another emphasised, “We built a multi-tier, hybrid approach for backups. We have some in and outside the region. The multi-tier is critical.”

The importance of understanding the physical location of data was underscored by an executive who recounted discovering, during a crisis, that their data centers with a single provider were all within the same region – a lesson that prompted a review of contracts to mitigate future risk. As one participant aptly noted, “The last two months have proved to us that the cloud is just another building somewhere. It’s not truly a cloud.”

IT and security leaders also stressed the necessity of maintaining on-premises capabilities for critical services and leveraging multiple cloud providers to reduce risk. “Full reliance on the cloud is a big problem. You need to have a hybrid setup to always be ready to go on prem for critical services,” said one executive. The need for differentiated redundancy was highlighted when one executive shared, “Not every system needs to be measured in the same way. Some data should have more redundancy than others.”

Despite these best practices, executives acknowledged several challenges. One executive noted limited availability of hyperscale data centers in their country, and another mentioned difficulties in obtaining investment for a multi-tiered approach: “How can you explain this to justify the investment?”

1. Regulatory Challenges Shape Resilience Strategies

Executives agreed that regulatory considerations are playing an increasingly pivotal role in shaping resilience strategies. Data sovereignty, local regulations, and geopolitical risks must all be carefully navigated when determining what data and services can be moved to the cloud or stored internationally. While many organisations are technically prepared to migrate and deploy data as needed, regulatory requirements often present significant obstacles. As one executive noted, “Regulations are the real challenge.” Another added, “Restrictions are tying our hands from going the extra mile.”

In response, some organisations are actively engaging with government authorities to advocate for more flexible policies, particularly in light of evolving geopolitical conditions. At the same time, others are contending with increasingly stringent regulations, further complicating efforts to enhance resilience and agilit
 

1. Continuous Improvement and Crisis Preparedness Are Now Embedded in Culture

Executives reflected on the significant lessons learned from COVID-19, emphasising that regular process reviews, crisis simulations, and a culture of agility have become standard practice. “COVID taught us that you need to have resiliency and business continuity,” one executive noted. Another added, “No one was ready for a crisis like that. We had so many lessons learned, and we improved processes and governance over time.”

Many leaders described how, when instability arose recently, their organisations were able to respond swiftly thanks to established crisis committees ready to be mobilised across the business. As one leader explained, “We have an excellent budget put in place for crisis. We have clear ownership. And once we activate a crisis situation, all the protocols go in place and accountability starts, and then reconciliation.”

However, some acknowledged that readiness remains a challenge, with one executive observing, “Company readiness is the biggest challenge. You have cyber professionals, but when something goes wrong, they panic. They need to be more prepared.” Another advised, “At the end of the day it’s about governance and protecting client data. You always need to keep them in the front of your strategy when dealing with any crisis.”

To collaborate with other CIOs and CISOs on the current business landscape, apply to join your local community. If you are already a community member, sign in to the app to find upcoming opportunities to get together with your peers.