James Eagleton's discussion reframes cyber resilience as a leadership and operating model challenge, not a narrow technology problem. The organisation that wins is not simply the one that prevents every incident; it is the one that can understand its data estate, recover cleanly, and answer the board's most important question with evidence: are we able to restore critical operations quickly, safely, and without reintroducing compromise?

The backdrop is sobering. Cohesity's longitudinal study spans 3,200 organisations across 11 countries, including 200 in Australia. In the Australian sample, 85% reported a material impact increase over the past 12 months, and 91% of impacted organisations experienced financial consequences. The more worrying signal is repeat infection: organisations are rushing to recovery and returning compromised assets to production.

The leadership agenda is shifting from incident response to resilience by design. Horizon Two of Australia's National Cyber Security Strategy intensifies that shift: resilience must become pervasive, embedded, and measurable across the economy.

Cyber resilience is a team sport.

The most resilient organisations are collapsing the old divide between the CIO and CISO. The CIO is asked to accelerate innovation, reduce cost, and deliver new services faster. The CISO is asked to protect the organisation, contain threat exposure, and slow decisions when risk is unclear. In weak operating models, those mandates pull against each other. In strong ones, they become a single resilience agenda.

David Chee's practitioner lens sharpens the point: data security is owned across the executive system. The Chief Data Officer shapes discovery and classification. Technology leaders own architecture and operability. Security owns threat posture and assurance. But when recovery fails, the board does not see separate swim lanes - it sees one leadership failure.

Recovery is the operating test.

Backup is not resilience. Resilience depends on recoverability: the ability to restore the right data, from the right point, in the right sequence, with confidence that the recovery path is clean. This is why the 3-2-1-1 architecture matters - three copies of data, across two media, with one remote copy and one air-gapped immutable copy.

The weakness exposed in the discussion is not a lack of awareness; it is a lack of practiced restoration. Too many recovery exercises remain theoretical, separated from the operational teams and business leaders who will be under pressure when a real breach occurs. In a live incident, leaders do not get perfect information. They need rehearsed runbooks, clear accountability, and the confidence to act without waiting for certainty.

Posture must move with the data.

The final resilience gap sits inside data risk posture management. Data is no longer static, centralised, or easy to classify once. It lives across core systems, cloud workloads, SaaS platforms, AI models, edge environments, and third-party ecosystems. Its sensitivity also changes over time. A deal document may be market-moving for a month and ordinary after disclosure. A shared data set may become the weak point when a third-party platform lacks equivalent resilience.

This requires a living view of data: where it sits, who touches it, how sensitive it is, how it is protected, how it can be recovered, and when it should be retained, archived, or deleted. The Optus example raised in the discussion underlines the leadership issue: reducing data exposure often requires uncomfortable operational work that no one owns until after an incident.

Closing Insight

Cyber resilience is becoming a board-level measure of executive discipline. The defining advantage is not a larger security stack, nor a better incident-response document. It is the ability to unite technology, security, data, and business leadership around one practical test: protect what matters, detect compromise early, recover cleanly, and reduce the blast radius before the next incident arrives.