Recovering Trust, Not Just Data:
James Blake (Cohesity) on the New Rules of Cyber Resilience
At the Cohesity Catalyst London event, cyber resilience expert James Blake sat down with Tech TV’s Pete Warren to discuss a hard truth, revealed by some new research: when an organisation is attacked, the clock is already running — and almost no one is ready. Recovery times promised at one or two days routinely collapse into weeks or months, because organisations underestimate how much they lose. It is not just data, Blake argued, but trust in networks, identities and applications. Every industry has a different tolerance for impact, yet the gap between promised and achievable recovery is nearly universal.
That gap is now a boardroom issue. As organisations retain ever more data to feed AI-driven insights, directors watching peers suffer prolonged outages are leaning on executives and asking awkward questions. Responsibility, Blake said, is climbing all the way to the CEO. Too many firms still treat cyber attacks as a technology problem — “we have backup, everything’s fine” — rather than a business, revenue and regulatory problem. Real resilience needs both security-led response and IT-led recovery working as one closed loop, plus a new breed of operational resilience managers emerging under regulations like DORA, PRA and NIS2.
Blake used the Jaguar Land Rover attack to illustrate the “long tail” of an incident. A large company may have the cash to survive, but its suppliers — some with only one customer — can collapse before systems come back, requiring government bailouts. This is why he champions the concept of a “minimum viable company”: the ability to keep people safe, meet regulatory and contractual obligations, and keep revenue flowing. Most organisations have never modelled what that looks like.
On AI, Blake called it a double-edged sword. Machine learning helps detect anomalies and attacks, but frontier models also lower the skills threshold for discovering vulnerabilities — a third of attacks on Cohesity’s customers already arrive through them. Crucially, though, the threat is amplification, not reinvention: ransomware and wiper attacks haven’t fundamentally changed, so the answer — building resilience — hasn’t either.
The heart of the message is that recovery must restore trust, not just availability. Simply throwing the last snapshot back into production, as one might after a flood or power loss, invites reinfection through compromised identities, persistence mechanisms and malicious group policies. Organisations get hit “again and again” because they skip the diligence of bringing systems back “harder, stronger.” Blake urged firms to move beyond theoretical tabletop exercises to realistic drills — cloning production environments and letting penetration testers attack them — to test people, process and handoffs before a real crisis. He warned against tick-box compliance, over-reliance on a single “hero” who may quit mid-incident, and hidden delays like missing license keys or building access.
Blake closed on ownership, accountability and sovereignty as defining themes of the coming decade. Liability is arriving through litigation and regulatory oversight, supply chains are increasingly complex, and every jurisdiction interprets rules differently. His prescription throughout: strong top-down governance, empowered lines of business, and getting ahead of the incident rather than pointing fingers in the middle of one.
-
Host: Pete WarrenTech TV Presenter
-
Guest: James BlakeEMEA Field CISO at Cohesity