About
Subscribe
  • Home
  • /
  • Security
  • /
  • Discussion about cyber resilience must lead to action, says Rubrik

Discussion about cyber resilience must lead to action, says Rubrik

Chris Tredger
By Chris Tredger, Technology Portals editor, ITWeb
Johannesburg, 09 Jul 2026
Dino Berardelli, account executive for Africa and emerging markets at Rubrik.
Dino Berardelli, account executive for Africa and emerging markets at Rubrik.

Cyber resilience may be a strategic priority in boardrooms, but a gap persists between mandate and operational reality, according to leadership at zero trust firm Rubrik.

Rubrik hosted a roundtable discussion on cyber resilience at the 2026 CISO Retreat, a by-invite-only event organised as part of the ITWeb Security Summit 2026. The interactive session focused on four connected areas: cyber visibility, audit and assurance readiness, identity resilience and data security posture – all of which combine to represent a holistic cyber resilience posture.

The conversation began with a probing opening question: "How confident are you that your board actually understands your cyber risk exposure – not just that you’ve presented to them, but that they understand it?"

This prompted discussion on several aspects considered pivotal to a company’s overall cyber security posture, including what current cyber risk reporting looks like, and where  the blind spots or known-but-unquantified risks exist.

Audit-readiness

The discussion turned to audit-readiness – how prepared are businesses, and are they aware of where gaps exist?

Participants focused on several key questions, including the impact of frameworks such as DORA and NIS2, and increasing board scrutiny; whether audit processes are revealing gaps proactively or finding them reactively; and how organisations are handling evidence collection – manually, through automation, or somewhere in between.

Identity resilience

Unsurprisingly, identity security triggered significant response from participants, given that it is widely acknowledged as the number one attack vector.

Several questions were tabled:

  • Confidence levels in detecting and containing a compromised identity – especially a privileged one – before it becomes a breach.
  • How non-human identities – service accounts, API keys and automated pipelines – are being handled.
  • Whether those are in scope for resilience programmes.
  • How companies are dealing with identity fragmentation across hybrid or multicloud environments.
  • Whether, in a recovery scenario, companies could confidently restore clean identities, or whether that remains a gap.

Rubrik also set aside time to address where sensitive data – often referred to as 'crown jewels' – resides within a company. This discussion covered data sprawl, particularly across cloud, SaaS and shadow IT; whether data classification is keeping pace with data creation and movement; and, of particular significance, how quickly a company can determine what data was impacted and what remained clean in a ransomware or exfiltration scenario.

In closing, Rubrik delivered a synopsis of the day and its position on these issues, noting that a critical message emerged: resilience is not only about keeping bad actors out – it is about knowing what a company has, knowing what matters, and being able to recover with confidence when something does get through.

Dino Berardelli, account executive for Africa and emerging markets at Rubrik, added: “What strikes me most in conversations with CISOs is the gap between what they know and what they can prove – to their boards, their auditors and themselves. Closing that gap – across risk visibility, identity and data posture – is where the real work of cyber resilience begins.”

Share