Secure and Compliant Data Protection in Changing Times

Data is readily known to organizations as its most critical asset. Yet traditional data protection methods were not designed to handle the demands of today's distributed applications and data, especially in the context of modern cyber threats, compliance and regulatory pressure, and traditional threats, like natural disasters and equipment failures. 

To ensure business continuity, organizations must adopt robust data protection strategies and improve preparedness to respond and recover quickly from disruptions. By modernizing data protection across hybrid cloud infrastructures, organizations can protect their most critical asset—data—and maintain operational viability in a complex digital landscape.

CIOs in our New York Community gathered recently for a Town Hall exploring the best practices for implementing advanced data protection strategies. Shariq Aqil, Global Field CTO at Zerto, a Hewlett Packard Enterprise Company, presented to the group, and Governing Body Members Suresh Ande, Head of AI, Data Science and Advanced Analytics at Avis Budget Group; Manish Chaitanya, Group Vice President, Enterprise Applications & Digital Commerce at John Wiley & Sons Inc.; Cesar Cheng, VP & CTO Americas at L'Oréal; and Joseph Gimigliano, CTO at Northwell Health led their peers in small group discussions.

Cybersecurity and data are two top priorities for CIOs across our communities in 2025, according to our annual Leadership Perspective Survey of thousands of C-level executives. This discussion focused on the intersection of security and data and touched on another key priority – cyber resilience – and how to resume business operations after an attack.
 

Key Takeaways from the Discussion

1. Modern data protection needs to extend beyond simply recovering data from an attack. CIOs in the discussion agreed that cybersecurity strategies require not only data recovery, but true cyber resilience that enables organizations to resume operations. As one CIO said, “We have to be thinking from the perspective of losing access to everything and how we are going to rebuild the business.”
   
   For IT teams, this means planning for worst-case scenarios, such as losing access to all systems, and documenting exactly what is needed to bring critical data and services back online. CIOs shared that organizations should identify their minimum viable business operations, infrastructure, and teams. One CIO observed that it’s common to have a documented minimum viable business operations plan, but executives should also think about their “minimum viable infrastructure and the teams to serve that infrastructure.”
   
   It’s also important to regularly practice recovery scenarios, including challenging situations like extended internet or email outages. Engaging business stakeholders in these exercises ensures the entire organization is prepared, understands recovery periods, and has alternative communication channels in place.
2. Security awareness and training have to keep up with the evolving threat landscape. CIOs are more than aware that the threat landscape is constantly evolving, with ongoing risks from ransomware, phishing, and increasingly creative attack methods. To stay ahead, they discussed that it’s essential to provide continuous training for associates and executives, focusing on awareness and response to new threats.
   
   IT leaders shared that effective documentation and response plans enable operations teams to act quickly and efficiently during an incident. Training should be regularly updated and should not shy away from difficult or unlikely scenarios, ensuring that everyone is prepared for the full range of potential threats. As one executive noted, “It’s about defining the minimum viable business needs – and then practicing accordingly.”
3. Leveraging modern technology, especially cloud and AI, is a key component of building resilience. CIOs shared that as organizations are increasingly dependent on cloud and SaaS providers, it is vital to understand contractual requirements, test recovery capabilities, and the feasibility of moving workloads between providers at scale.
   
   Immutable backups add another layer of protection, while AI tools can be used to analyze logs, detect threats, and enhance security operations. To remain effective, AI tools and other technological solutions – and related exercises – must be continuously updated, ensuring that organizations can take full advantage of new capabilities and stay ahead of emerging risks.

CIOs in the discussion agreed that constantly evolving threat factors require continuous evaluation of resiliency plans and strategies. It’s essential for CIOs to raise awareness with employees and business stakeholders and “put in the practice” to help ensure business continuity. As one executive noted, “If you don’t put in the reps, you won’t be able to do this effectively.”

IT leaders can continue the conversation on securing data at an upcoming gathering with their peers. Community members can sign in to the app to find and register for events, or if you are new to Gartner C-level Communities, apply to join your regional CIO community to regularly connect with peers on critical priorities.
 

Special thanks to Hewlett Packard Enterprise.

By CIOs, For CIOs®

Join the conversation with peers in your local CIO community.