In the Business Post on the 1st June 2025, Triangle Director Michelle Harris shared her perspective on why cyber recovery is no longer just a technical safeguard - it’s a board-level imperative.
As cyber threats continue to grow in frequency, complexity and impact, the conversation has shifted. Prevention alone is no longer enough. The real question is this: can you recover - with speed, integrity and certainty - when a breach occurs?
In the interview, Michelle outlines the core principles every organisation should apply to its cyber recovery strategy, highlighting that:
Operational resilience depends on more than disaster recovery and backup
It also requires Cyber Recovery: a third, distinct capability focused on verified, immutable data held in isolated environments.
Separation of duties is critical
Those managing your production systems should not be the same people managing recovery - a key requirement for both security and compliance.
Recovery must be routinely tested
Regulators and boards are increasingly demanding demonstrable, documented proof that recovery processes work - and that they’ve been tested under real-world conditions.
Clean-room environments and forensic insight are essential
These allow organisations to validate data before reintroducing it and to better understand attack patterns and vulnerabilities.
“You can hand out some of the work of a CISO, but you can’t hand out accountability. That has to lie within your organisation.”
In other words: cyber recovery isn’t just a fallback. It’s a pillar of operational resilience, and a strategic investment in business continuity, trust and long-term value.
This article first appeared in the Business Post - you can read the original here.
