Cyber insurance in ANZ: Why compliance is your best ally

While you may think of cyber insurance as just one more thing to add to the “things we should do but probably don’t really need,” now’s the time to think again.

Cybersecurity in Australia can no longer be considered “best practice” or an IT hygiene issue. It’s now directly linked to your legal, regulatory, and director obligations, with multiple regimes converging around risk management, incident reporting, and governance.

The 2025 Veeam Ransomware Trends Report says that 69% of organisations experienced at least one ransomware attack in the past year. And many were attacked multiple times. Which means that for the majority, cyber insurance could well be a financial lifesaver in times of crisis.

But insurers are no pushovers. They demand that you are genuinely doing your best (and can prove it) to protect your business and its data.

The hardline approach

As expected, cyber insurance is a rapidly growing market. Insurance Business Mag reported in late 2025 that sectors more vulnerable to attack (such as healthcare) may face higher premiums and more restrictive terms. And as AI plays an increasing role in cybercrime, insurers’ policies are likely to be further enhanced for all policyholders.

What’s important to note is that there’s no wriggle room in cyber insurance. Claim denial is real, and adherence requirements are strict.

If you think that ANZ organisations have it tough by global standards for cyber insurance, you’re right. When Arctic Wolf surveyed 400 cyber insurance brokers and carriers worldwide, they found that ANZ insurers require an average of six security controls to qualify for cyber insurance. The rest of the world only requires five.

Why are our controls more rigorous?

That same Arctic Wolf research mentioned earlier cites two key drivers for the demand for six controls:

  1. We’re an attractive target: Organisations in Australia and New Zealand are 9% more likely to experience a significant cyberattack than the global average.
  2. The penalties are high: High‑profile regional breaches and stronger regulatory expectations (e.g., Privacy Act, APRA CPS 234 influence).

Multiple independent reports also say that, as well as requiring more controls than the global average, our insurers take a stricter approach to the depth of verification.

The widely reported trend in ANZ‑specific market analysis and broker commentary is that our underwriters are increasingly scanning external attack surfaces, validating MFA coverage depth, requesting evidence of EDR deployment and backup immutability and logging, and re-verifying controls at claim time.

The Essential Eight enforced?

While not a mandatory government requirement (although strongly advised), alignment with the Essential Eight is now being driven by our insurers.

Most now require controls that map directly to the Essential Eight maturity levels, and partial implementation is often treated as non‑compliance. Some won’t even provide quotes unless you can say ‘absolutely – yes!’ to the following questions:

  • Do you use MFA across all cloud and remote access points?
  • Have you enforced application allowlisting?
  • Is your patching done within the recommended timeframes?
  • Do you have EDR (endpoint detection and response) on all your workstations and servers?
  • Do you do daily backups with offline or immutable copies?
  • Do you enforce user access reviews and privileged account controls?
  • Are your people supported and educated with security awareness training?

But it’s no use just being able to say ‘yes’ to these questions; insurers will often ask you to demonstrate that you have these controls in place.

And after several high-profile vendor-linked breaches here in Australia, they’re also throwing in questions about your supply chain risk: how you assess it, whether your vendors meet baseline security requirements, and what controls your managed IT provider enforces.

Lining up your cybersecurity ducks

Compliance is key not only to keeping your organisation safe but also to being eligible for cyber insurance in the first place, and it can even influence your premiums.

The six security controls you must enforce to be compliant and insurance ready are:

  1. Email security – preventing phishing, malware, and other malicious emails before they reach users.
  2. Identity and access management (IAM) – enforcing strict control over who can access systems, applications, and data.
  3. Multi‑Factor Authentication (MFA) – strengthening login security across all systems, with priority on remote access and privileged accounts.
  4. Endpoint Detection and Response (EDR) – continuously monitoring endpoints (workstations and servers) to rapidly detect, contain, and stop threats.
  5. Regular, secure backups – maintaining encrypted, tested backups that are isolated from the network to minimise ransomware impact.
  6. Patch management – keeping operating systems and software up to date to address vulnerabilities before they can be exploited.

Insurers also consider advanced protections, such as 24/7 security operations centres (SOCs) and managed detection and response services, as highly impactful.

Resilience is better than regret

While it might not feel like it at the time, ensuring your cybersecurity controls meet insurers’ expectations and requirements also pays off for your organisation.

Your premiums are likely to be lower, and your diligence in maintaining and improving those controls in the face of high regional risk helps mature your security posture.

You have everything to gain, and nothing to lose.

AI. The great cloud optimiser.

Wondering how AI will transform cloud services? Here it is, from the horse’s mouth (Gartner):

“The adoption of AI within cloud services is poised to revolutionize IT operations, embedding AI as a fundamental element across everything from infrastructure management to application deployment.” ~ Dennis Smith, Distinguished VP Analyst, Gartner.

So, what could go wrong?

Why AI is driving up the cost of cloud

While AI-infused cloud services are set to revolutionise IT operations, this transformation will come at a high cost.

Gartner warns that not only will energy demands due to the need to handle AI requirements potentially increase by more than 300% in the next four years, but “by 2030, companies that fail to optimize the underlying AI compute environment will pay over 50% more than those that do.”

With Gartner additionally predicting that “over 80% of enterprises will deploy industry-specific AI agents in support of critical business objectives by 2030” (compared with less than 10% today), and that “more than 60% will conduct intensive AI model activity across multiple clouds”, the heat is on. But on whom?

The impact on data centres? A total overhaul of power and cooling infrastructures.

The impact on your organisation? The ongoing challenge of balancing the cost of AI workloads within a financial management framework. In other words, you’ll need to diligently measure the business value and ROI of AI-enabled cloud solutions to avoid overspending.  

“Gartner predicts that by 2030, over 80% of enterprises will deploy industry-specific AI agents in support of critical business objectives, up from less than 10% today, and more than 60% will conduct intensive AI model activity across multiple clouds.”

But on the other hand…

Adopting AI cloud services may have the potential to blow out your IT budget, but the good news is that AI-powered tools also have the superpower to slash it.

How? Let’s count (just some of) the ways.

AI-powered cloud management tools can reduce costs through several mechanisms:

1. Demand forecasting, right-sizing

    Using AI, you can analyse your current versus historical cloud usage, seasonal patterns, and workload queues to proactively predict your future demand. With this information, you’ll always be able to provision just the right amount of resources. No more over-allocation and no waste!

    That right-sizing can also be applied to your instances and services. AI can compare your actual utilisation (CPU, memory, I/O) to your instance sizes and recommend smaller or more appropriate types. Again, you can reduce expensive over-provisioning without hurting performance.

    2. Leveraging discounts

    Based on your forecasted usage, AI can also show you where you can get more value by maximising long-term discounts (via reserved and savings plans) and not making the mistake of underutilising them. AI can combine real-time telemetry with ML (machine learning) to scale resources up or down before demand spikes – so you never end up under-provisioning (and over-spending) during peaks.

    And of course, you can automate all of this reporting and recommendations to reduce human input to reviewing and decision-making.

    3. Opportunity hunting (for savings) and troubleshooting

    AI tools can also save your organisation money and effort by spotting and pre-empting potential issues. For example, they can identify a workload that won’t be affected if you shift it to a cheaper spot – and schedule it.

    AI can flag suspicious or unusual spend patterns (like sudden traffic increases) that can send costs spiralling if unchecked. You can set flags for a range of deviations so you’re warned in good time, and can immediately stop and remediate the activity.

    In situations where you have high-spend areas, AI can identify the owner(s) and allocate costs per department. And it can spot and clean up those money wasters like idle databases, unattached volumes, unused snapshots, and stale backups. So you’ve got transparency of all the things you’re potentially paying for, but not using, and can put them under the financial microscope.

    Why is this all so important?

    27% of cloud spend is wasted, according to Flexera’s “2024 State of the Cloud Report”. And that’s something few organisations can afford.

    In their 2025 report, Flexera report that 84% of respondents believe that managing cloud spend is the top cloud challenge for today’s organisations. Understandably, with cloud spend expected to increase by 28% in the coming year (2026), it’s apparent that many are rethinking their existing cloud cost management strategies.

    While 87% of Flexera’s respondents name cost efficiency/savings as their #1 cloud goal, a focus on cost avoidance has gone from 28% (2024) to 64% (2025). Cost avoidance, of course, is the practice of not incurring preventable and unnecessary expenses in the first place – which is something that AI tools (notably AI-driven FinOps tools) excel at.

    While the potential for cloud cost reduction and ROI varies across vendors and research agencies, what is clear is that AI and automation are critical enablers of such reductions.

    As the journey to an AI-enabled workplace accelerates and we turn to AI to control the costs it generates as a byproduct, the old saying “Doctor, heal thyself” seems all too fitting – and an essential strategy for survival.

    What are the best practices for building a resilient DR plan in 2026?

    If there’s one thing we’re all hyperaware of these days, it’s that nothing is set and forget.

    A new year typically signals that it’s time to review our disaster recovery (DR) processes, practices and technology. For most of us, it’s not because we ‘got it wrong’ last year, but because the pace of change means we need to re-evaluate what we got right, see what we can learn from others less fortunate and from advances in technology, and decide what we can take on board and apply to our own organisations.

    With a significant array of external forces – from cybercrime to floods to system failures – keeping us on our toes and second-guessing our own vulnerability, a near-enough DR plan isn’t nearly good enough.

    Three key strategies to ensure business continuity

    1. Make it (semi) permanent

    An investment in immutable backups as part of your disaster recovery strategy will dramatically improve your organisation’s resilience.

    You’ve likely already got backup under control with your 3-2-1-1 strategy. The 3-2-1-1, of course, refers to the best-practice approach of making three copies of your data, stored on two different media, with one copy off-site and one a cloud-based, immutable or air-gapped backup.

    It’s tweaking that last backup option that’s potentially a game-changer for your business.

    If you’ve opted for air-gapped backups, then you’re relying on the practice of disconnecting your storage medium from your systems – it’s completely offline and safe from malware, viruses or ransomware. The only problem is that, even though it’s not connected to your network, a disgruntled admin or a malicious actor planted within your company can still sign in to the server and delete, corrupt, or encrypt your data.     

    Whereas, if you opt for immutable backup, you’re locking that data down. This approach uses write-once, read-many (WORM) policies or object-lock technology to make your data impervious to change. Yes, it can be accessed and read on demand, but it can’t ever be overwritten or altered – regardless of the user’s permissions.

    The data lockdown period can be set (to say, 90 days), and at the end of that period, it’s unlocked, and your data is no longer immutable. While you can choose to lock it down permanently, since out-of-date data is generally of no use, it’s neither recommended nor necessary.

    Some key benefits of immutable backups include:

    • Audit trails to show who accesses the data and controls to determine who can access it.
    • Your data is protected from ransomware or someone trying to make malicious changes.
    • You’ll always have clean, trustworthy data
    • The integrity of your data is guaranteed – no bit-rot (the slow, silent corruption of digital data over time), corruption or accidental overwrites
    • Ticks all the compliance boxes for immutability or retention requirements for a wide range of industry frameworks (HIPAA, etc.)
    • Easy and fast recovery with data that’s never corrupted and always ready to use
    • Reduced operational and human error risks with accidental deletion impossible
    • Lower costs with cloud-based immutable solutions
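
To show what evidence of backup immutability can look like in practice, here is an added example (not from the original article) that audits a constructed backup inventory against the 90-day lock period and daily schedule mentioned above. The record fields, the one-hour scheduling slack and the finding codes are assumptions; the two lock mode names follow S3 Object Lock, where only COMPLIANCE mode holds regardless of a user's permissions.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)   # lock period used as the example in the text
MAX_GAP = timedelta(hours=25)    # daily backups plus an hour of slack (assumption)


def audit_backups(records, now):
    """Return (findings, immutable_keys) for a list of backup records.

    Each record is a dict with key, created, lock_mode and retain_until.
    lock_mode uses the two S3 Object Lock mode names: COMPLIANCE (no user can
    shorten or remove the lock) and GOVERNANCE (users holding a bypass
    permission can). None means the copy carries no lock at all.
    """
    findings, immutable = [], []
    recs = sorted(records, key=lambda r: r["created"])
    # Copies older than the lock period are expected to have unlocked,
    # so only copies created inside the retention window are audited.
    recent = [r for r in recs if now - r["created"] < RETENTION]

    for r in recent:
        mode, until = r["lock_mode"], r["retain_until"]
        if mode is None or until is None:
            findings.append((r["key"], "NO_LOCK"))
            continue
        if until - r["created"] < RETENTION:
            findings.append((r["key"], "SHORT_LOCK"))
        if mode != "COMPLIANCE":
            findings.append((r["key"], "BYPASSABLE_LOCK"))
        elif until > now:
            immutable.append(r["key"])

    # Daily coverage: a missed job shows up as a gap between restore points.
    for prev, cur in zip(recent, recent[1:]):
        if cur["created"] - prev["created"] > MAX_GAP:
            findings.append((cur["key"], "BACKUP_GAP"))
    if not recent or now - recent[-1]["created"] > MAX_GAP:
        findings.append(("latest", "STALE"))
    return findings, immutable


def sample_record(day, mode, lock_days, month=1, year=2026):
    """Build one constructed inventory record (backup taken at 01:00 UTC)."""
    created = datetime(year, month, day, 1, 0, tzinfo=timezone.utc)
    until = created + timedelta(days=lock_days) if mode else None
    return {"key": f"daily-{created:%Y-%m-%d}", "created": created,
            "lock_mode": mode, "retain_until": until}


# Constructed sample inventory, not real data.
NOW = datetime(2026, 1, 15, 9, 0, tzinfo=timezone.utc)
SAMPLE = [
    sample_record(1, "COMPLIANCE", 90, month=9, year=2025),  # old, unlocked as designed
    sample_record(11, "COMPLIANCE", 90),
    sample_record(12, "GOVERNANCE", 90),   # lock can be lifted by a privileged user
    # 13 January is missing: the job did not run
    sample_record(14, None, 0),            # written without any lock
    sample_record(15, "COMPLIANCE", 30),   # locked, but for less than 90 days
]

if __name__ == "__main__":
    found, locked = audit_backups(SAMPLE, NOW)
    for key, code in found:
        print(f"{code:16} {key}")
    print("immutable restore points:", ", ".join(locked))
```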

    2. Set realistic targets, and stick to them

    Your DR strategy should never reflect unrealistic and unachievable expectations. It should reflect realistic, appropriate RTOs (recovery time objectives) and RPOs (recovery point objectives) that together will protect your business and boost its resilience.

    Here’s why – together – they’re important:

    1. They protect your bottom line

    Every minute of downtime counts. The inability to operate can lead to significant financial losses, especially for e-commerce, financial services, or SaaS companies. Lower RPO values mean you’ve lost less data between backups. And having no gaps in your data is critical for maintaining data integrity, meeting regulatory or compliance requirements, and retaining customer trust.

    2. It’s all about balance (the right balance, that is)

    The relationship between RTO/RPO and cost is exponential. If you want to achieve a near-zero target, then you need to make a significant investment in your infrastructure and resources. So, the key is finding targets that align with your actual real-world business needs (and budget) rather than pursuing goals that simply make you look good.

    For example, you could consider a tiered approach where, for your mission-critical systems, you have an RTO of between one and four hours and an RPO of 15 minutes. Whereas for your non-critical systems, an RTO of 48 hours and RPO of 24 hours may be perfectly acceptable.

    In terms of best practice, get the balance right by:

    • Carry out a business impact analysis to determine your business’s actual (not imagined) tolerance for downtime and data loss
    • Base your targets on the requirements of your business, not just your IT capabilities
    • Test regularly to ensure your targets are achievable in real scenarios as well as on paper
    • Communicate the costs to your leadership team so they understand the trade-offs you’re recommending
    • Review your RTO/RPO annually (or if you’re going through a significant phase of change or growth)

    The goal isn’t to have the most aggressive targets possible – few businesses can either afford them or even need them. As long as your targets are achievable and appropriate, you’ll still deliver operational resilience without breaking the bank.

    3. Test, don’t guess

    Thoughts and prayers are never enough if you’re planning to survive a cyberattack or a natural disaster. And guesswork is not your friend either.

    What looks and sounds like best practice on paper doesn’t necessarily translate into a smooth, successful, and reliable recovery in real life. An untested disaster recovery plan is…a disaster waiting to happen when you can least afford it.

    The rollover into a new year is the ideal time to put your current plan through its paces – and put theories to the test. Only testing will reveal if your disaster recovery plan has critical flaws, including:

    • Configuration errors in your backup systems or failover procedures
    • Documentation that’s out of date and doesn’t capture your current infrastructure
    • Overlooked dependencies between your systems  
    • Not enough resources in terms of bandwidth or storage capacity
    • Team members who aren’t clear about their responses and responsibilities
    • System vulnerabilities that no one expected

    It’s only by applying the lens of best practice and diligently testing your disaster recovery plan regularly that you can transform it into a reliable lifeline when disaster strikes.   
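
The tiered RTO/RPO targets and the testing advice above can be checked together. The following added example (not from the original article) scores constructed drill results against the quoted targets, counting a failed backup job as a wider RPO gap and adding the slowest dependency chain to each system's RTO. The system names, restore times, and the assumption that a system is restored only after its dependencies are hypothetical.

```python
from datetime import datetime, timedelta

# Tiered targets quoted in the text (upper bound of the 1-4 hour RTO range).
TARGETS = {
    "mission-critical": {"rto": timedelta(hours=4), "rpo": timedelta(minutes=15)},
    "non-critical": {"rto": timedelta(hours=48), "rpo": timedelta(hours=24)},
}


def worst_case_rpo(jobs):
    """Largest gap between consecutive successful recovery points.

    jobs is a list of (timestamp, succeeded). A failed job leaves no recovery
    point, so it widens the gap even though the schedule looks fine on paper.
    """
    good = sorted(ts for ts, ok in jobs if ok)
    return max((b - a for a, b in zip(good, good[1:])), default=None)


def effective_rto(system, restore_time, depends_on, path=()):
    """Measured restore time of a system plus its slowest dependency chain."""
    if system in path:
        raise ValueError("dependency cycle: " + " -> ".join(path + (system,)))
    upstream = [effective_rto(dep, restore_time, depends_on, path + (system,))
                for dep in depends_on.get(system, [])]
    return restore_time[system] + max(upstream, default=timedelta(0))


def evaluate(tiers, restore_time, depends_on, job_log):
    """Compare measured RTO and RPO per system with its tier's targets."""
    report = {}
    for system, tier in tiers.items():
        target = TARGETS[tier]
        rto = effective_rto(system, restore_time, depends_on)
        rpo = worst_case_rpo(job_log[system])
        report[system] = {
            "rto": rto, "rto_ok": rto <= target["rto"],
            "rpo": rpo, "rpo_ok": rpo is not None and rpo <= target["rpo"],
        }
    return report


def schedule(step, count, failed=()):
    """Constructed backup job log: one job every `step`, some of them failed."""
    start = datetime(2026, 1, 10, 0, 0)
    return [(start + i * step, i not in failed) for i in range(count)]


# Constructed drill results, not real measurements.
TIERS = {"orders-db": "mission-critical", "identity": "mission-critical",
         "web-shop": "mission-critical", "reporting": "non-critical"}
RESTORE_TIME = {"orders-db": timedelta(hours=2, minutes=30),
                "identity": timedelta(hours=1),
                "web-shop": timedelta(hours=2),
                "reporting": timedelta(hours=20)}
DEPENDS_ON = {"web-shop": ["orders-db", "identity"], "reporting": ["orders-db"]}
JOB_LOG = {"orders-db": schedule(timedelta(minutes=15), 8, failed={3}),
           "identity": schedule(timedelta(minutes=15), 8),
           "web-shop": schedule(timedelta(minutes=15), 8),
           "reporting": schedule(timedelta(hours=24), 3)}
REPORT = evaluate(TIERS, RESTORE_TIME, DEPENDS_ON, JOB_LOG)

if __name__ == "__main__":
    for name, row in REPORT.items():
        print(f"{name:10} RTO {row['rto']} ok={row['rto_ok']}  "
              f"RPO {row['rpo']} ok={row['rpo_ok']}")
```

In this sample the web shop restores in two hours on its own but misses the four-hour target once its database dependency is counted, and a single failed job doubles the database's worst-case data loss.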

    What next?

    If you’re even the slightest bit unsure whether those best-laid plans will help you survive a disaster, then let’s chat. Improvement is always possible, and adding resilience is rarely regretted.

    The dawn of a new era – AI vs. cybercrime

    If you spend enough time reading cybersecurity headlines, you might be forgiven for thinking artificial intelligence (AI) is purely a weapon for the bad guys.

    And to be fair, the statistics tell a clear story. Since the rise of generative AI, we’ve seen a staggering 1,200% global surge in phishing attacks.

    It’s a topic we’ve covered before at Global Storage, specifically regarding how AI is shaping the future of cybersecurity risks. But focusing solely on AI as a threat vector ignores the other side of the coin. AI could also be the most potent shield we have.

    For Australian technology decision-makers, the conversation is shifting from ‘how do we defend against AI?’ to ‘how do we use AI to defend ourselves?’

    With 2026 projected to be a pivotal year for autonomous systems and digital sovereignty in our region, leveraging AI for breach response readiness isn’t just a competitive advantage – it’s fast becoming a regulatory necessity.

    The autonomous shift in Australia and New Zealand

    Change is happening at pace and has been for a while. But technology leaders anticipate that 2026 will bring a transition towards increasingly autonomous AI systems in Australia and New Zealand.

    This goes beyond faster chatbots – it’s about creating systems that can reason, plan, and handle security tasks with minimal delay and little need for human intervention.

    This shift coincides with stricter regulatory measures driving a stronger convergence between IT and security. In a world where digital sovereignty is a priority, organisations must prove they can detect and neutralise threats instantly, keeping Australian data safe on Australian shores.

    Speed is the new compliance currency

    Regulatory frameworks in Australia have teeth, and they operate on strict timelines. Consider the Security of Critical Infrastructure (SOCI) Act, which requires reporting significant impact incidents within 12 hours.

    Or APRA CPS 234, which demands notification within 72 hours of a material incident.

    In the second half of 2024 alone, the OAIC received 595 data breach notifications, with 69% caused by malicious attacks. While 66% of breaches were identified in less than 30 days, that timeline is nowhere near fast enough to meet a 12-hour or 72-hour reporting window.

    This is where AI can become your compliance engine. Humans simply cannot sift through terabytes of log data fast enough to identify a patient zero event within 12 hours.

    AI, however, excels at this. It enables predictive threat detection and automated response, ensuring that when you do notify the regulator, you have the full picture, not just a guess.

    It’s no surprise that 93% of organisations indicate AI will influence their cybersecurity investment decisions over the next year.

    Outsmarting the supercharged social engineer

    The modern threat actor is no longer sending typo-riddled emails from a ‘prince in Nigeria’. They are using generative AI to create hyper-personalised, error-free campaigns.

    Recent reports indicate that AI-powered spear phishing attacks now have a 47% success rate against trained security experts. A notable development is the rise of deepfake business email compromise (BEC). In one instance, a UK engineering firm lost USD $25 million after an employee was duped by a deepfake video conference that mimicked their CFO perfectly.

    To embrace proactive cyber defence, we must fight fire with fire. Traditional signature-based detection (looking for known bad code) is useless against a unique, AI-generated email. We need AI-driven behavioural analysis. These tools establish a baseline of normal behaviour for your users – when they log in, what files they access, and how they write emails. 

    When an account suddenly deviates from that pattern (even if they have the correct password), the AI flags it instantly. It is the difference between finding a breach in 200 days versus 2 minutes.

    The necessity of keeping a human in the loop

    Despite the power of automation, AI is not a set-and-forget magic wand. It is a force multiplier, not a replacement for human judgment.

    Arctic Wolf correctly notes that full automation without oversight is rarely advisable. AI models require fine-tuning to avoid false positives – you don’t want your automated response system quarantining your CEO’s laptop during a board meeting because they logged in from a new iPad.

    There is also a trust gap to bridge. Interestingly, research shows that Australians and New Zealanders are ready for AI in critical sectors like emergency response, but only when they are aware of how it is being used. Trust increases significantly with awareness.

    The same logic applies to your internal stakeholders. To leverage AI effectively for compliance, you need a strategy that blends algorithmic speed with human strategic oversight.

    This ensures your defence is nuanced enough to understand business context, but fast enough to stop a machine-speed attack.
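
The behavioural baseline and the human-in-the-loop caveat described above can be combined in one triage rule. This added example (not from the original article, and far simpler than a commercial product) builds a per-user baseline from constructed sign-in lines and sends single deviations, such as a known user on a new device, to an analyst instead of containing the account. The log format, thresholds and action names are assumptions.

```python
from datetime import datetime

MIN_HISTORY = 5  # sign-ins needed before a baseline is trusted (assumption)


def parse(line):
    """Parse one constructed log line: ISO timestamp, user, device, country."""
    ts, user, device, country = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "device": device, "country": country}


def build_baseline(events):
    """Collect the usual sign-in hours, devices and countries per user."""
    baseline = {}
    for e in events:
        b = baseline.setdefault(e["user"], {"hours": set(), "devices": set(),
                                            "countries": set(), "count": 0})
        b["hours"].add(e["ts"].hour)
        b["devices"].add(e["device"])
        b["countries"].add(e["country"])
        b["count"] += 1
    return baseline


def deviations(event, baseline):
    """List the signals that differ from the baseline, or None if no baseline."""
    b = baseline.get(event["user"])
    if b is None or b["count"] < MIN_HISTORY:
        return None
    found = []
    hour = event["ts"].hour
    # Allow one hour either side of any hour seen before, wrapping at midnight.
    if not any((hour - known) % 24 in (0, 1, 23) for known in b["hours"]):
        found.append("hour")
    if event["device"] not in b["devices"]:
        found.append("device")
    if event["country"] not in b["countries"]:
        found.append("country")
    return found


def triage(event, baseline):
    """Return (action, reasons); only multi-signal deviations are contained."""
    found = deviations(event, baseline)
    if found is None:
        return ("analyst-review", ["no-baseline"])
    if not found:
        return ("allow", [])
    if len(found) == 1:
        return ("analyst-review", found)
    return ("contain", found)


# Constructed sign-in history and new events, not real logs.
HISTORY = """\
2026-01-05T08:55:00 ceo laptop-ceo AU
2026-01-06T09:05:00 ceo laptop-ceo AU
2026-01-07T08:40:00 ceo laptop-ceo AU
2026-01-08T09:15:00 ceo laptop-ceo AU
2026-01-09T08:50:00 ceo laptop-ceo AU
2026-01-12T09:00:00 ceo laptop-ceo AU
"""
NEW_EVENTS = """\
2026-01-13T09:10:00 ceo ipad-new AU
2026-01-14T03:12:00 ceo desktop-unknown NL
2026-01-14T10:00:00 newhire laptop-nh AU
2026-01-14T10:02:00 ceo laptop-ceo AU
"""

BASELINE = build_baseline(parse(l) for l in HISTORY.splitlines())
DECISIONS = [triage(parse(l), BASELINE) for l in NEW_EVENTS.splitlines()]

if __name__ == "__main__":
    for line, (action, reasons) in zip(NEW_EVENTS.splitlines(), DECISIONS):
        print(f"{action:15} {','.join(reasons) or '-':22} {line}")
```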

    Moving beyond experimental AI

    As we dive into 2026, AI in cybersecurity is moving beyond the experimental phase and into full operational maturity.

    By integrating AI into your breach response strategy, you aren’t just ticking a box for the SOCI Act or APRA. You are building a resilient organisation capable of withstanding the next generation of threats.

    SOC vs. MDR: Why your cyber strategy needs both to survive

    In the world of cybersecurity, acronyms are everywhere. For tech decision-makers trying to prevent a breach, the distinction between these acronyms isn’t just semantics – it’s the difference between a secure network and a very expensive headache.

    Two of the most commonly confused terms are MDR (Managed Detection and Response) and SOC (Security Operations Centre).

    While they are often sold as interchangeable silver bullets, they are fundamentally different disciplines. Relying on one without the other is a bit like installing a high-tech alarm system but leaving your front door wide open.

    To build true cyber resilience, you need to cut through the noise and understand why SOC and MDR are simply better together.

    What is Managed Detection and Response (MDR)?

    At its core, MDR is a service designed to hunt, investigate, and respond to threats. It is, by nature, reactive. It assumes that the ‘bad thing’ has already happened or is currently happening, and its job is to detect it, capture it, and respond to it.

    Think of MDR as the digital equivalent of reviewing security footage after a break-in. You can see exactly how the intruder got in, what they touched, and where they went. It is vital for understanding the scope of an attack and remediating it, but it is often retrospective.

    You can purchase off-the-shelf MDR solutions from vendors like Arctic Wolf or CrowdStrike. These tools are excellent at investigating incidents – answering the ‘what,’ ‘how,’ and ‘who’ of a breach.

    However, according to the 2025 Security Operations Report from Arctic Wolf, attackers are increasingly launching their assaults during “off-business hours.” The report highlights that 51% of security alerts are now triggered outside of the standard workday, making continuous, 24×7 visibility across the entire IT environment an absolute necessity, not just a nice-to-have.

    What is a Security Operations Centre (SOC)?

    If MDR is the team reviewing the footage after the fact, then the SOC is the security guard watching the live monitors 24/7, patrolling the perimeter, and checking that the windows are locked before anyone tries to climb through.

    A SOC is proactive. It scans your entire environment – looking at logs, traffic analysis, and telemetry data – to ask, ‘Where are our vulnerabilities?’ and ‘Is this behaviour normal?’

    Unlike a standalone MDR tool that might flag a specific malware signature, a SOC looks at the bigger picture. It might notice an open port that shouldn’t be there or user behaviour that deviates slightly from the norm. It leverages SIEM (Security Information and Event Management) data to aggregate logs and identify patterns that a single lens of telemetry might miss.

    The power of combining MDR and SOC

    As mentioned, the belief that deploying an endpoint MDR agent provides total coverage is a risky misconception.

    When you rely solely on MDR, you are often looking at the world through a limited perspective. You might see what’s happening on the endpoint, but you’re missing the network traffic, the cloud logs, and the identity management data. You are effectively blind to the ‘grey area’ activity that precedes an attack.

    Conversely, a SOC without strong response capabilities can suffer from ‘analysis paralysis’ – identifying threats but lacking the tooling or authority to stop them instantly.

    As noted in recent industry analysis, while MDR focuses on rapid detection and containment, a SOC provides the broader organisational oversight required to maintain a hardened security posture.

    The most secure organisations don’t choose between MDR and SOC – they combine them to build a stronger defence. Here’s why this integration is essential:

    • Clear insights
      A SOC collects data from your entire infrastructure – firewalls, servers, cloud environments, and Intrusion Detection and Prevention Systems (IDPS). When you layer MDR on top of this, you give your ‘hunters’ a complete map of the terrain. They aren’t just seeing a virus alert – they are seeing the traffic that led to the download and the user account that authorised it.
    • Proactive and reactive mindset
      You need someone checking the locks (SOC) and someone ready to tackle the intruder (MDR). A SOC ensures your environment is hardened against attacks by identifying vulnerabilities proactively. If a sophisticated actor does slip through, the MDR capability kicks in to contain the threat immediately.
    • Smarter threat containment
      One of the critical advantages of a combined approach is the ability to take an endpoint offline safely. In a standalone scenario, isolating a critical server might cause more business disruption than the attack itself. With the telemetry and context provided by a SOC, an MDR team can make informed decisions about containment – cutting off the attacker without cutting off your business.

    The verdict

    The message is clear. To keep your data safe in a landscape populated by increasingly sophisticated threats, you need the proactive vigilance of a SOC combined with the reactive speed of MDR.

    It’s not an ‘either/or’ decision. It’s about ensuring that when you leave the house, the doors are locked, the alarm is on, and someone is watching the cameras.

    Why multi-cloud disaster recovery isn’t optional anymore

    Boardrooms across Australia are asking uncomfortable questions: “What happens if Azure fails?” “How do we protect ourselves when our primary cloud provider has an outage?”

    These aren’t hypothetical concerns anymore – they’re strategic imperatives driving a fundamental shift in how organisations approach disaster recovery.

    The traditional model of relying solely on your primary cloud provider’s built-in backup features is proving inadequate.

    As regulatory bodies like APRA scrutinise data protection practices more closely, and as organisations spread their operations across 10-15 different cloud platforms, the need for comprehensive multi-cloud disaster recovery has never been more pressing.

    The multi-cloud reality check

    Organisations aren’t choosing multi-cloud strategies for the complexity – they’re being forced into them by necessity. Development teams research extensively and select best-of-breed solutions, sometimes spanning nearly 20 providers to handle different aspects of their systems.

    The result? A sprawling cloud infrastructure that’s powerful but fragmented from a disaster recovery perspective.

    The numbers tell a sobering story. According to the Veeam 2024 Data Protection Trends Report, while 52% of organisations run containers in production (with another 35% in planning phases), only 25% protect their container deployments with purpose-built solutions.

    Most administrators simply back up underlying storage or database components, presuming they can reconstruct everything else if needed.

    Think about that for a moment. Would you only back up the storage under your hypervisor host? Would you only back up the database from your web application?

    Yet this is precisely what’s happening across Australian organisations building complex cloud architectures.

    When backup becomes an afterthought

    The pattern is depressingly familiar. Organisations migrate data to various SaaS and PaaS platforms, drawn by promises of elasticity and innovation.

    Backup? That’s considered after the transition is complete. By then, it’s often too late to implement cost-effective protection strategies.

    APRA has taken notice.

    Regulatory threats of licence removal are becoming a reality for organisations that can’t adequately protect their data. Sometimes the data literally cannot be backed up because certain cloud providers don’t release APIs, lack plugins, or simply don’t provide the necessary access points for comprehensive protection.

    The ‘dump and sweep’ approach—essentially starting from scratch when disaster strikes—becomes the only option. There are no service level agreements in these scenarios.

    The best you can hope for is to rebuild everything, knowing that some data and configurations will be permanently lost.

    The shared responsibility gap

    Cloud providers operate under a shared responsibility model, but many organisations haven’t grasped what this means in practice.

    Your DevOps teams might be brilliant at deployment and scaling, but are they considering Grid Security Infrastructure (GSI) requirements? Are they protecting Git repositories and deployment pipelines?

    These questions matter because if your code repositories and automated deployment pipelines are compromised, recovery becomes exponentially more complex. Ideally, recovery should be a few commands that rebuild the environment automatically.

    Without proper protection of these foundational elements, you’re looking at weeks of manual reconstruction.

    The responsibility matrix varies depending on whether you’re dealing with stateful or stateless applications. Stateful applications retain data about client sessions between requests, requiring more comprehensive backup strategies.

    Yet according to container backup statistics, responsibilities for protecting these environments are scattered across database admins (27%), storage admins (24%), backup admins (21%), and Kubernetes admins (29%).

    This fragmented ownership creates dangerous gaps. When everyone is responsible, often no one is truly accountable.

    The true cost of reactive disaster recovery

    Planning disaster recovery after implementation is expensive – and frequently sits outside the original project budget because governance and recovery weren’t included from day one.

    This reactive approach creates a cascade of problems:

    • Budget overruns: Retrofitting comprehensive backup and recovery solutions costs significantly more than building them into the initial architecture.
    • Limited options: Once you’re locked into specific cloud architectures, your recovery options become constrained by what those platforms support.
    • Compliance violations: Regulatory requirements don’t wait for your recovery strategy to catch up with your cloud adoption.
    • Operational complexity: Managing disaster recovery across multiple disconnected systems requires significantly more expertise and resources.

    When developers rush into cloud projects, diving into implementation without considering failure scenarios, they create technical debt that organisations will pay for years later.

    Just because a feature is available doesn’t mean it’s suitable for business use – a distinction many teams learn too late.

    Building resilient multi-cloud architecture

    Effective multi-cloud disaster recovery starts with a simple question: ‘Can this system be recovered?’

    This question should be central to every architectural decision from day one, not an afterthought.

    Consider implementing these strategies:

    • Cross-cloud redundancy: Don’t rely on additional geographic regions from the same provider. True redundancy means having recovery capabilities across different cloud platforms.
    • Immutable backups: Ensure your backup copies can’t be altered or deleted, even by compromised administrative accounts.
    • Automated orchestration: Recovery procedures should be documented, tested, and automated wherever possible.
    • Regular testing: Conduct tabletop exercises and actual failover tests to validate your disaster recovery procedures.
    • Comprehensive protection: Back up not just your data, but your infrastructure as code, configuration management, and deployment pipelines.

    The goal isn’t just to have copies of your data – it’s to be able to restore full operational capability quickly and reliably when things go wrong.

    Moving beyond hope-based disaster recovery

    The uncomfortable truth is that many organisations are running on hope rather than genuine disaster recovery strategies.

    They hope their primary cloud provider won’t fail. They hope their backup procedures will work when needed. They hope they won’t face the regulatory scrutiny that’s shutting down less prepared competitors.

    Hope isn’t a strategy. Multi-cloud disaster recovery, implemented thoughtfully from the beginning of your cloud journey, provides the resilience modern businesses require. It’s not about expecting failure – it’s about being prepared when it inevitably occurs.

    Australian organisations face unique challenges, from APRA compliance requirements to the geographic realities of our market.

    Those building comprehensive multi-cloud disaster recovery strategies today will be the ones still operating tomorrow when the next major outage hits.

    The hidden cost of stale data and how to combat it

    If there’s one thing we can all agree on, it’s that data has become the lifeblood of modern organisations. But as essential as it is, data also comes with a rapidly increasing price tag – especially when it overstays its welcome.

    Stale, unused data doesn’t just clog up your hosting space – it also burns through your backup budgets, escalates disaster recovery costs, and importantly, opens the door to significant cyber risks.

    For tech decision-makers striving to achieve cyber resilience while optimising cloud costs, it’s time to tackle the issue head-on.

    The true cost of keeping everything forever

    Not all data is created equal. Fresh, actionable data continues to power insights, decisions, and growth. But outdated, unused data? It’s the messy junk drawer of the digital age – except this drawer takes a toll on your bottom line.

    Here’s why:

    1. Hosting costs: Stale data hoards precious (and expensive) storage space on your primary servers. When you pay for hosting storage by the gigabyte, keeping old data around unnecessarily is like renting an oversized warehouse to store broken furniture. The expense accumulates quietly but relentlessly.
    2. Backup and recovery costs: Every piece of data you retain needs to be included in your backup and disaster recovery processes. The more data you store, the more complex and costly these processes become. Keeping stale data in primary backups also increases recovery times, delaying critical business functions during a crisis.
    3. Cybersecurity risks: Storing stale data expands your attack surface. Cybercriminals like to exploit this weak link, using outdated or poorly secured data repositories as a launch pad to escalate attacks. Smart segmentation and strategic isolation of sensitive data are critical cybersecurity defences.

    The value (and perception) of old data

    The perceived value of stale data is one of the biggest obstacles organisations face when developing archiving or deletion strategies. “But what if we need it someday?” is a familiar refrain from leaders across industries.

    While it’s true that historical data can be valuable for legal, financial, or compliance purposes, much of what we hang onto owes its survival to fear rather than necessity.

    Consider these examples:

    • Law firms: Traditionally, law firms lean on the idea that “more is better”. With every signed contract, lawyers may gain access to all organisation-wide files, creating a conflicting scenario of unrestricted access versus confidentiality obligations. Dividing sensitive case files into segmented, tightly managed archives solves multiple issues – from protecting client confidentiality to reducing exposure to breaches.
    • Finance: Financial institutions face regulatory obligations to retain certain records for several years. However, there’s a tipping point where retaining old transactional data becomes a liability. Compromised credentials (think stolen usernames or passwords) tied to outdated but still-live systems can be the Achilles’ heel for cybersecurity in this sector.
    • Healthcare: Patient data is a veritable goldmine for cybercriminals. The problem? Hospitals and clinics often retain decades’ worth of medical records within their network’s primary environments. Without routine archiving or deletion processes, sensitive patient data remains vulnerable to breaches that could compromise hundreds of lives.

    Across these industries, the need to strike a balance between access and data lifecycle management is evident. While keeping everything might feel “safe,” it ends up costing more than it’s worth – both financially and reputationally.

    Smarter solutions for stale data management

    So, how can organisations reduce the footprint of stale data while maintaining compliance and mitigating cyber risks? Archiving and deletion are your two best bets – and with the right framework, these practices can be both efficient and cost-effective.

    1. Archive it: Move stale data to an offline archive. By removing inactive data from your primary storage while keeping it available for occasional retrieval, you shrink your digital “blast radius”. This keeps active environments lean, secure, and ready for business while ensuring old data doesn’t fall into the wrong hands.
    2. Develop access controls: Following the principle of least privilege is an absolute must. Limit access to only those who truly need it. Audit permissions regularly to ensure that outdated access paths don’t remain open indefinitely. The faster you seal these gaps, the fewer opportunities bad actors have for exploitation.
    3. Revalidate data significance: Not all data deserves a second life. Conduct regular audits of your systems to determine what’s worth archiving and what’s just digital clutter. If certain data no longer serves a business, compliance, or legal purpose – delete it for good.
    4. Cyber recovery strategies: Cyber resilience doesn’t stop at security; it also requires readiness for when breaches occur. With 89% of organisations reporting that their backups were targeted during ransomware incidents, traditional backup methods need an upgrade. Rethinking your backup strategy ensures you can recover from attacks without being held hostage.

    The bottom line

    Holding onto stale data may feel like a safety net, but it’s more akin to dragging an anchor. Organisations must shed the “keep everything forever” mindset to protect their budgets – and their reputations.

    With a strategic approach to archiving, segmentation, and data lifecycle management, you can light a path toward a leaner, more resilient cybersecurity future.

    Because when it comes to data security, less is truly more.

    Fortify your defences against ransomware

    Ransomware isn’t what it used to be – if it were a game, it would have evolved from an informal backyard sport into a gladiator-type contest. And with Australia now being the fourth most targeted nation for cyber threats on critical infrastructure, cybersecurity professionals have their work cut out for them.

    An additional concern is the gap between perceived readiness and actual resilience. Many organisations feel prepared because they react quickly after an incident, but true cyber resilience means getting ahead of threats before they materialise.

    According to the Veeam Ransomware Trends Report 2025, ransomware attacks are becoming faster, more sophisticated, and more painful for victims.

    One interesting trend the report highlights is that the percentage of organisations impacted by ransomware attacks resulting in data encryption or exfiltration has dipped from 75% to 69%.

    At first glance, this might feel like we’re winning a battle. However, the real takeaway is that organisations are stepping up their defence, understanding that the burden is squarely on their teams to adapt and fortify themselves with a cyber resilience strategy that delivers.

    Paying ransom is a gamble – and often a losing one

    One of the main shifts in the ransomware landscape is the growing hesitance among victims to pay ransom demands.

    The data backs this up. Of organisations that paid ransoms, 17% still couldn’t recover their data, and 69% of paying victims found themselves targeted again.

    Regulatory changes add to the pressure not to settle ransom demands. For example, mandatory reporting laws force organisations to disclose ransom payments, inviting both scrutiny and reputational risk.

    Governments are sharing the same message – several countries, including the United States, now strongly discourage or even prohibit certain organisations from paying ransoms.

    Brand damage and PR nightmares

    Beyond the astronomical financial burden, being hit by ransomware has damaging ripple effects on a company’s reputation. A successful attack signals a failure to protect critical assets, undermining customer trust and confidence.

    For IT decision-makers, this isn’t just a technical problem – it’s a brand problem. Operational downtime, lost productivity, and fines or lawsuits add insult to injury.

    Building true cyber resilience

    Organisations that recover successfully from ransomware attacks have one key factor in common: preparation. It’s not just about backups; it’s about building resilience into IT and security practices.

    The Veeam report outlines a few key strategies that are proven to boost recovery success rates:

    1. Develop an incident response plan: Define roles to eliminate delays during an attack.
    2. Use the 3-2-1-1-0 backup strategy: Three copies of data, two media types, one offsite, one immutable, and zero errors.
    3. Train teams: Human error is a major entry point – security awareness is essential.
    4. Harden security: Adopt zero-trust, enforce access controls, and keep systems updated.
    5. Invest in detection and recovery tools: Combine security tools with resilience features for stronger defence.
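
    The 3-2-1-1-0 rule in item 2 can be checked mechanically against a backup inventory. The following is an added example, not code from the Veeam report or from Global Storage. The inventory records, field names and the 30-day verification window are assumptions constructed for illustration, and the production copy is counted as one of the three copies.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Copy:
    dataset: str
    role: str                      # "production" or "backup"
    location: str                  # hypothetical site / provider label
    media: str                     # "disk", "object", "tape", ...
    offsite: bool = False
    immutable: bool = False
    last_verified: Optional[date] = None   # date of last restore test
    verify_errors: Optional[int] = None    # errors found by that test


def check_32110(copies, today, max_verify_age_days=30):
    """Return {dataset: [failed rule names]}; an empty list means compliant."""
    cutoff = today - timedelta(days=max_verify_age_days)
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)

    report = {}
    for name, group in sorted(by_dataset.items()):
        backups = [c for c in group if c.role == "backup"]
        failed = []
        if len(group) < 3:                         # 3: three copies
            failed.append("copies")
        if len({c.media for c in group}) < 2:      # 2: two media types
            failed.append("media")
        if not any(c.offsite for c in backups):    # 1: one offsite
            failed.append("offsite")
        if not any(c.immutable for c in backups):  # 1: one immutable
            failed.append("immutable")
        # 0: every backup restore-tested recently with zero errors.
        # A missing, stale or non-zero result all count as a failure.
        if not backups or any(
            c.last_verified is None
            or c.last_verified < cutoff
            or c.verify_errors != 0
            for c in backups
        ):
            failed.append("zero_errors")
        report[name] = failed
    return report


# Constructed sample inventory (all values are made up for this example).
TODAY = date(2025, 7, 1)
INVENTORY = [
    Copy("payroll-db", "production", "primary-dc", "disk"),
    Copy("payroll-db", "backup", "primary-dc", "disk",
         last_verified=date(2025, 6, 25), verify_errors=0),
    Copy("payroll-db", "backup", "cloud-b", "object", offsite=True,
         immutable=True, last_verified=date(2025, 6, 20), verify_errors=0),
    # Three copies, but all on disk, none immutable, one stale restore test.
    Copy("git-repos", "production", "primary-dc", "disk"),
    Copy("git-repos", "backup", "primary-dc", "disk",
         last_verified=date(2025, 6, 28), verify_errors=0),
    Copy("git-repos", "backup", "secondary-dc", "disk", offsite=True,
         last_verified=date(2025, 3, 1), verify_errors=0),
    # Immutable offsite tape exists, but only two copies and a failing test.
    Copy("k8s-config", "production", "cloud-a", "object"),
    Copy("k8s-config", "backup", "vault", "tape", offsite=True,
         immutable=True, last_verified=date(2025, 6, 15), verify_errors=2),
]

if __name__ == "__main__":
    for dataset, failed in check_32110(INVENTORY, TODAY).items():
        status = "OK" if not failed else "FAIL: " + ", ".join(failed)
        print(f"{dataset:12} {status}")
```

    Run on a schedule against a real inventory export, a check like this turns the rule into evidence that can be shown to an insurer or auditor.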

    Prevention, not payment, must be the priority

    For organisations ready to fortify against ransomware—and emerge victims no more—the Global Storage team is here to help. From tailored cyber resilience strategies to advanced disaster recovery plans, we specialise in keeping your data (and sanity) intact.

    Ransomware may have changed the rules, but with the right preparation, you can still win the game.



    How AI is shaping the future of cybersecurity

    AI is revolutionising business at lightning speed – but are we ready for the risks it brings? Cybercriminals are already leveraging generative AI to craft phishing attacks that are nearly undetectable and to spread highly convincing disinformation.

    Cybersecurity has entered a new era, and while adopting AI is no longer optional, the real challenge lies in doing so responsibly without compromising your organisation’s cyber resilience.

    The stakes are high: 57% of organisations have limited their Generative AI (GenAI) rollout to low-risk users, and 40% have delayed deployment by three months or more due to data security and governance concerns.

    GenAI is cybercrime’s new weapon

    In their 2025 Global Threat Report, CrowdStrike highlights how GenAI has rapidly emerged as a preferred tool for cybercriminals, owing to its accessibility and ease of use.

    In 2024, GenAI played a bigger role in cyberattacks, especially in social engineering and information operations. Cybercriminals used GenAI to create realistic, convincing content without needing much training or effort, making it perfect for spreading deception on a large scale.

    For example, the North Korean group FAMOUS CHOLLIMA used GenAI to create fake LinkedIn profiles and trick recruiters, even using it to generate responses during interviews. Cybercriminals have also leveraged GenAI for financial scams. In 2024, cases included deepfake videos of executives used to steal millions of dollars and voice cloning to pull off business email compromise (BEC) schemes.

    The connection between GenAI and social engineering is becoming clearer in malware trends. For example, GoldPickaxe, a mobile malware targeting biometric data, has been used in the Asia Pacific to create deepfake videos since late 2023.

    On top of that, research shows LLMs are better than humans at crafting phishing emails, with much higher success rates. These trends highlight how GenAI is changing the threat landscape and why strong defences against its misuse are critical.

    Top insights from Gartner’s AI risk report

    Gartner’s latest Market Guide for AI Trust, Risk and Security Management also dives into the challenges of adopting AI without proper governance – scenarios that impact every facet of business, including data management.

    Their findings highlight the importance of trust, risk, and security management (TRiSM) in AI systems (more about that later). For now, here is a summary of Gartner’s key findings:

    • Organisations face various risks when using AI, with top concerns including data breaches, risks from third-party systems, and inaccurate or harmful outputs.
    • While attacks targeting enterprise AI are still rare, incidents involving uncontrolled, harmful chatbots and internal data sharing issues are frequently reported.
    • Layered measures for managing AI TRiSM apply to all types of AI, including built-in, custom-built, and advanced autonomous systems. These measures work alongside traditional security technologies.
    • A new market is forming around AI governance and enforcement tools, with unique offerings specifically designed to address AI-related risks.
    • The demand for GenAI TRiSM tools is growing, drawing competition from vendors of all sizes. Some vendors focus on security and risk mitigation, while others prioritise ethical practices, safety, and meeting compliance requirements. However, no single solution currently addresses all AI risks and challenges.
    • Managing AI trust and security often highlights gaps between organisational teams, prompting them to work together across departments to find effective solutions.

    How TRiSM is forecast to shape AI in business

    Gartner’s Market Guide for AI TRiSM recommends proactively managing AI risks by establishing a TRiSM framework that ensures responsible AI adoption before deployment.

    Their AI TRiSM model is built on four key layers of technical capabilities, supported by a foundational fifth layer that includes more conventional technology controls, like network, endpoint, and cloud security solutions.

    Making up the top two layers of Gartner’s AI TRiSM framework are newer additions to the party: AI governance and runtime solutions. These two functions are merging to create a new market segment, designed to oversee AI interactions more effectively.

    By combining AI inventory management and continuous evaluations with runtime inspection and enforcement, teams can perform real-time risk analysis of AI systems that tie back to a continuously updated risk-scored inventory.

    This new category builds on the foundation of traditional tools found in the bottom layers of AI TRiSM, which focus on AI information and workloads.

    Building cyber resilience for tomorrow

    Looking ahead, it’s clear that the future of AI isn’t just about innovation – it’s about finding the sweet spot between moving fast and staying accountable. AI is evolving rapidly, bringing incredible opportunities, as well as big responsibilities.

    Gartner predicts that by 2027, ‘AI TRiSM as a service’ will emerge as a viable outsourced option for organisations lacking resources to implement comprehensive AI TRiSM services internally.

    Additionally, by 2028 they expect that 25% of large organisations will establish consolidated information governance teams – up from less than 1% in 2023.

    These predictions highlight a critical reality: The organisations that thrive will be those that view AI risk management not as a barrier to innovation, but as an enabler of responsible, scalable AI adoption.

    Cyber resilience: Why playing defence after the whistle won’t win

    The latest ransomware statistics are sobering, but here’s the hard truth: if you’re waiting for an attack to happen before strengthening your defences, you’ve already lost.

    Veeam’s 2025 Risk to Resilience Report reveals a stark reality. While 69% of ransomware victims believed they were prepared before being attacked, that confidence dropped by over 20% after the incident.

    The gap between perceived readiness and actual resilience highlights a critical flaw: too many organisations treat cybersecurity as reactive instead of proactive.

    Ransomware is a battle against time and tactics

    Law enforcement took down major ransomware groups like LockBit and BlackCat in 2024. However, this has led to the rise of smaller, more agile threat actors. These groups operate with alarming efficiency, reducing dwell time—the period between compromise and attack execution—from weeks to mere hours.

    In Q2 2024, two of the top three ransomware groups had average dwell times under 24 hours, leaving organisations little time to detect and respond.

    Australia’s experience with data breaches highlights this urgency. The Office of the Australian Information Commissioner reports that health, Australian government, and finance are among the top sectors for data breaches.

    These aren’t just numbers – they represent real organisations facing real consequences.

    The ransom payment trap

    Some organisations see paying ransoms as a quick fix, but the reality is far riskier. Of those who paid, 69% were attacked again, effectively funding future criminal activity while painting a target on themselves.

    The approach to incident response matters too. Companies with expert incident response teams were far less likely to pay ransoms – just 25%, compared to organisations handling incidents internally, which were 156% more likely to pay.

    This reflects the difference between panic-driven reactions and well-prepared strategies.

    Beyond backup: building true resilience

    Traditional backup methods, while essential, are no longer enough to combat modern ransomware. The Veeam report found that 89% of organisations had their backup repositories targeted during attacks, with 34% on average being modified or deleted.

    Relying on outdated backup strategies is like bringing water pistols to a gunfight.

    Effective organisations embed resilience into daily operations through key practices:

    • Immutable backups: Prevent attackers from altering recovery data. Only 32% of organisations use them, despite their reliability.
    • Sandbox restoration protocols: Ensure data integrity by testing in a secure environment before returning to production. Yet, only 28% do this, while 39% restore directly to production – a risky gamble.
    • Cross-team collaboration: Strong coordination between IT and security teams significantly improves outcomes, yet 52% of organisations need major improvements here.

    Human expertise matters

    Technology alone isn’t enough. Resilience also depends on human factors like clear chains of command, defined protocols for ransom decisions, and comprehensive training.

    Only 30% of organisations have clear chains of command, and just 26% have formalised ransom payment decisions.

    While 98% of organisations claimed to have playbooks, fewer than half included critical elements like backup verification or containment plans.

    Having a plan isn’t enough – it has to be the right plan. And it should be in place before disaster strikes.

    Making resilience your competitive advantage

    Defending against ransomware can’t be an afterthought. Resilience must be a daily priority, built into your organisation’s operations. It’s about more than avoiding downtime or protecting data – it’s about maintaining trust in a world where cyber attacks can destroy customer confidence overnight.

    True data resilience requires a mindset shift from reactive response to proactive defence. It demands investment in both technology and people, creating systems that assume compromise rather than hoping to prevent it.

    The question isn’t whether your organisation will face a cyber attack – it’s whether you’ll be ready when it happens. In cybersecurity, as in most aspects of business, preparation separates the survivors from the statistics.




    © 2021 Global Storage. All rights reserved.
