Triangle Director of Technology Ciaran Garvey recently spoke with The Business Post about why operational resilience has moved beyond IT and why trusted recovery is now a business survival issue.
For many organisations, cyber resilience still sits within the IT team's remit. But as attacks grow more frequent and more damaging, it's becoming a question that belongs in the boardroom.
Operational resilience is no longer something organisations can treat as a purely technical concern.
In the article, Triangle Director of Technology Ciaran Garvey outlined how the conversation has shifted. What was once framed around backups, secondary sites and disaster recovery is now a broader business question: if critical systems are compromised, how does the organisation continue to operate, recover with confidence, and protect revenue, service delivery and trust?
That shift matters because cyber recovery is not the same as traditional disaster recovery.
Disaster recovery & cyber recovery require different assumptions
Traditional disaster recovery is built around availability. The assumption is that a secondary environment is available, clean and ready to support recovery.
Cyber recovery begins from a more difficult position. In a serious cyber incident, you may not be able to trust production systems, configurations or even parts of your data estate. Recovery is not just about getting systems back online. It is about doing so in a way that is isolated, tested and defensible.
That is why organisations need more than backup technology. They need a recovery model that allows them to inspect, validate and restore critical systems in a controlled environment before anything is brought back into production.
Start with the minimum viable company
One of the practical points Ciaran covers in the article is where to start. For many leadership teams, resilience can feel too broad and too expensive if framed as an attempt to protect everything equally. A more workable approach is to define the minimum viable company:
What are the systems, data sets and services the business cannot operate without?
Those are the assets that need priority. They are the foundation for a cyber recovery strategy, because they determine what must be protected in an isolated recovery environment and what must be recovered first, under pressure. This creates focus. It helps boards and technology leaders make decisions based on business impact, not just technical preference.
Detection is useful, but it is not enough
Many platforms now offer ransomware detection features, anomaly alerts and other indicators of compromise. These capabilities are valuable, but they are only one part of the picture.
An alert may tell you something is wrong. It does not tell you that recovery will work.
Operational resilience depends on the ability to move from detection to trusted recovery. That means having isolated copies of critical assets, documented recovery runbooks, regular testing, and confidence in the exact steps required to bring systems back safely. Without this operational discipline, many organisations are still left with uncertainty at the point they need clarity most.
Recovery needs structure, separation and rehearsal
Another key theme in the article is separation of duties. If the same people, processes or administrative pathways span both production and the isolated recovery environment, risk can travel with them. Good cyber recovery practice depends on clear separation between the live environment and the recovery capability designed to protect it.
It also depends on rehearsal. Recovery plans cannot sit on a shelf. They need to be exercised regularly so that teams understand their roles, gaps can be identified early, and recovery steps can be refined before a real incident occurs.
That is where managed cyber recovery services can add value, by helping organisations build, test and operate recovery processes in a way that is practical, repeatable and aligned to business priorities.
Read the full interview with Ciarán Garvey in the Business Post here.
