How Leading CTOs and CISOs Define Data Resilience in the AI Era
- Directors' Institute

- 2 days ago
In today’s digital economy, the role of data has evolved from being a means to an end to being the end itself. However, in the current race by businesses to leverage the power of AI within their products, platforms and processes, the data that is the force multiplier in this process has never been so vulnerable as it is today.
Global data creation is likely to surpass 181 zettabytes, and most enterprise data is now distributed across multi-cloud and hybrid environments. Meanwhile, cyber threats are becoming more complex, regulations are becoming more stringent across regions, and AI systems are introducing relatively new types of risk. Against this background, a fundamental question arises for technology executives:
What exactly is meant by "true data resilience" in the context of the AI-driven era?
This was the focus of the closed roundtable discussion titled “The CXO Playbook for Data Resilience: Protecting Data, AI and Innovation”, organised by Commvault in partnership with YourStory. The discussion brought together the top CTOs, CISOs and head engineers of the most influential technology organisations in India.
What emerged was a complex, experience-based definition of resilience, one that went well beyond backups and recovery and into areas as diverse as governance, culture, architecture and accountability.

Data Resilience Is No Longer Just About Recovery
For a long time, resilience was synonymous with disaster recovery, the ability to recover after a disaster. But in this new world involving AI, that definition has become hazardous.
Today’s business takes place on dozens of SaaS platforms, various cloud vendors, edge devices and AI models, all interwoven and constantly evolving. A single breach, model misstep or compliance incident can ripple through business units, customers and regulators in a matter of hours.
As one of the CXOs said during the roundtable, “If a button existed that would restore it all back to normal in an instant, everyone would push that button. Real resilience is about preparing for when that button is not there.”
In other words, “resilience” in the modern world no longer means only “bouncing back,” but rather the ability to “withstand, adapt and remain responsible even in the face of failure.”
Data Quality: The Non-Negotiable Foundation of AI Resilience
One theme that ran through the first part of the conversation was that AI systems are only as good as the data they consume.
According to a Gartner report, low-quality data hampers the performance of analytics and AI, costing organisations close to 12.9 million dollars every year. For a company running an AI-driven compliance engine or a massive automation system, the consequences are more severe.
Some participants described environments that process billions of records annually, covering invoices, taxes and identity records. In such scenarios, data quality can never be an afterthought. It has to be built into the process.
Key practices discussed included:
- Automated validation checks at ingestion, transformation and output points
- Strict refresh cycles to eliminate model drift and outdated decision-making
- Continuous monitoring for bias, inconsistency and anomalous behaviour
One of the leaders explained that outdated information is not only a performance concern but also a governance risk, because models that rely on it to make decisions can produce outcomes that are harmful, unethical or even illegal.
Laissez-Faire Access Controls for AI are a Grave Risk
One of the most enlightening points of the roundtable discussion was the acknowledgment that conventional role-based access control (RBAC) models are not adequate in the AI-first era.
Whereas human actors are constrained by roles, permissions and approval hierarchies, AI agents can potentially access and interconnect data across vastly larger domains if not properly monitored. This poses a silent danger, especially within organisations that manage multi-tenant data.
One of our participants described this aptly: “If humans require access controls, AI systems require access controls even further.”
This has led to the incorporation of the following in today’s top organisations by the
- Row-level and column-level data permissions
- Granular access control policies pertinent to AI-related tasks
- Data segregation by customers, geographic locations and regulatory environments
So, for start-ups and scale-ups that work with multiple businesses, these best practices are no longer nice-to-haves but requirements for trust, compliance and success.
End-to-End Data Protection Across the AI Lifecycle
True data resilience demands a defence-in-depth approach—one that protects information from the moment it is created or ingested, through its use by AI systems, and ultimately to its secure deletion.
CXOs at the roundtable emphasised the importance of multi-layered protection strategies, including:
- Encryption and masking of sensitive data
- Secure, immutable backups and air-gapped storage
- Network isolation and hardened identity controls
- Continuous monitoring and anomaly detection
Alongside technical safeguards, regulatory expectations are also intensifying. Leaders pointed to upcoming AI governance and audit requirements from the Reserve Bank of India, which will examine not just where data is stored, but how AI models access, process, and utilise that data throughout their lifecycle.
To reduce risk exposure, organisations are increasingly adopting measures such as:
- Isolating LLM training environments from the open internet
- Restricting AI workloads to managed virtual desktop infrastructures (VDIs)
- Enforcing human-in-the-loop validation for high-risk processes, including KYC and identity onboarding
As one CSO put it:
“You can’t show me data I don’t understand—and I’m still accountable for what happens in the real world because of it.”
Today, explainability, accountability, and auditability are no longer optional enhancements. They have become foundational pillars of operational resilience in the age of enterprise AI.
Scaling AI, With Guard Rails
The roundtable highlighted just how deeply integrated AI already is within Indian organisations today.
Examples shared included:
- EdTech companies conducting over 100,000 AI-powered mock interviews.
- Recruitment and HR teams using AI to authenticate documents and detect fraud across lakh-plus hiring processes per quarter.
- FinTech firms unlocking significant innovation opportunities through:
  - Automated regulatory compliance, and
  - Intelligent risk monitoring systems.
Yet, across all these use cases, the emphasis was clear: guardrails matter more than speed.
AI systems are being intentionally deployed within controlled, secure environments, with human oversight retained for high-impact decisions. The consensus was unmistakable:
“Scale without control is not innovation—it is liability.”
The Threat Landscape That Learns and Adapts
One of the most compelling discussions focused on the rapidly evolving nature of cyber threats.
Cybersecurity experts cautioned that attackers are now leveraging AI to create polymorphic, self-propagating attack patterns—threats that continuously change and adapt in real time. Such attacks have the potential to render traditional, rule-based security frameworks ineffective.
In this new reality, periodic audits and static controls are no longer enough. As the panel succinctly put it:
“AI threats require AI defence.”
This calls for defence systems that can learn, adapt, and respond in real time, even to previously unknown threats. For CISOs, the implication is profound. Security is no longer just about prevention—it is about anticipation, intelligent detection, and rapid containment in an environment where threats evolve as fast as the defences designed to stop them.
Resilience as a Cultural and Organisational Mindset
Beyond technology, one of the strongest messages to emerge from the roundtable discussion was that "resilience is ultimately a human and organisational challenge."
Key players are investing in:
- Ongoing cybersecurity awareness programmes
- Incident simulations and tabletop exercises
- Post-incident analyses that concentrate on learning rather than fault finding
- Tighter control over identity providers and connectivity layers
As AI models have begun to interact increasingly with users, sometimes through publicly accessible models, the obligation to protect those users has escalated exponentially. Participants emphasised that resilience must extend to user trust and ethical conduct.
Compliance in a World of Distributed Data
For large businesses operating across different regions and cloud systems, compliance has become one of the most challenging aspects of resilience.
Even when deleting data from the production system itself is easy, the same deletion has to be ensured across:
- Backups
- Copies
- Archival repositories
- Disaster recovery environments
This is far more challenging. It is especially relevant in the context of the Indian DPDP Act, which defines the ‘Right to Forget’ and imposes very stringent obligations on organisations to monitor and delete personal data held across the entire data estate.
Commvault addressed this issue, explaining that the "modern data resilience platform has to sit closest to the data itself" and index where every fragment of the data resides. Without this visibility, "compliance becomes a guessing game—and a regulatory risk."
Intelligent Storage and The Economics of Resilience
One of the most important insights to emerge from these discussions was the changing economics of data protection.
With the exponential growth of unstructured data, traditional approaches—such as maintaining multiple full copies or frequent snapshots—are no longer viable. They are not only prohibitively expensive, but in many cases, actively risky.
Redundancy alone offers little defence against modern ransomware attacks. When an infection propagates across all instances of a file or dataset, having multiple copies provides a false sense of security.
As a result, forward-looking organisations are rethinking how they store and protect data by adopting:
- Advanced deduplication and compression to reduce storage overhead
- Tiered storage with intelligent retrieval, ensuring the right data is available at the right time
- Air-gapped backups, fully isolated from active environments and inaccessible to attackers
A powerful reframing emerged from the discussion: more copies do not automatically mean more safety. True resilience comes from copies that are secure, isolated, and reliably recoverable.
From IT Concern to Boardroom Priority
Perhaps the most significant takeaway from the CXO-level roundtable was the unmistakable shift of data resilience from the IT function to the boardroom agenda.
Today’s critical question for every CXO is: “What is the true cost of downtime to our business?”
When organisations fully account for lost revenue, regulatory penalties, reputational damage, and erosion of customer trust, resilience is no longer viewed as an operational expense—it becomes a strategic investment.
Commvault’s Indian engineering teams highlighted the importance of continuous collaboration with customers to improve recovery speed, reliability, and readiness. As one panel member noted:
“If there’s a scenario we haven’t yet addressed, we want to know about it. Our role is to ensure every recovery is faster, smarter, and stronger.”
Redefining Resilience in the AI Era
The rise of AI has fundamentally altered how resilience is defined.
Data protection is no longer about responding to failures after they occur. It is about designing systems, controls, and organisational cultures that anticipate disruption and respond intelligently.
From data quality and access, to explainable AI, intelligent storage architectures, regulatory compliance, and the evolving role of the CISO, leading CTOs and CISOs are reimagining resilience as an enterprise-wide capability.
In an environment where innovation is data-driven and failure can occur at machine speed, resilience is not about reaction. It is about competence: the ability to innovate confidently, operate reliably, and build lasting trust in an increasingly intelligent digital world.
Our Directors’ Institute - World Council of Directors can help you accelerate your board journey by training you on your roles and responsibilities to be carried out efficiently, helping you make a significant contribution to the board and raise corporate governance standards within the organisation.