That was the central question guiding our recent executive roundtable, co-hosted by Sheltered Harbor, AWS, NetApp, and Elastio in New York City.
The conversation brought together senior leaders in the financial services industry to explore what it truly takes to prepare for a ransomware event that could jeopardize data, disrupt operations, or erode customer trust. While the event was focused on financial institutions, the insights shared are relevant to any organization that views recovery as a strategic risk area.
Here are three key takeaways we hope all resilience leaders will carry forward.
- Executive Buy-In Is Foundational
Cyber resilience is not just an IT issue. It is a board-level concern that requires alignment across leadership, not only on tooling but on priorities. Everyone around the table agreed that programs stall without clear ownership, measurable objectives, and regular testing.
Executives set the tone. They define what “good” looks like and ensure it is resourced and reviewed. Recovery has to be treated as a business-critical capability, not an afterthought when something goes wrong.
Helpful resource:
Sheltered Harbor Maturity Model for Recovery
Use this to benchmark your current state, identify gaps, and clearly communicate next steps to stakeholders.
- The “Three I’s” Are the New Standard for Ransomware-Ready Data Protection
A recurring theme throughout the discussion was the growing adoption of the “Three I’s” framework: Immutability, Isolation, and Integrity.
- Immutability keeps backup data from being modified or deleted.
- Isolation ensures attackers cannot reach recovery data.
- Integrity validates that data is clean and restorable.
All three are essential. Without them, attackers retain leverage and recovery remains a gamble. As one participant put it, “Immutability without integrity is just a locked box filled with poisoned data.”
Helpful resources:
Cyber Vaults: How Regulated Sectors Fight Cyberattacks • Disaster Recovery Journal
Blog on the core pillars of effective cyber vaulting
Building a Sheltered Harbor compliant data vault on AWS | AWS for Industries
How AWS infrastructure can support immutability, isolation, and integrity
- Data Integrity Scanning Is Now a Core Security Control
It’s no longer enough to wait for a recovery event to find out if your data is usable. That moment is too late. Continuous integrity scanning of both production and backup data is becoming a best practice across regulated sectors. Why? Because ransomware actors are now employing tactics to bypass existing tools and remain undetected, compromising recovery long before alarms go off.
Expert-led scanning enables organizations to identify compromised recovery points and maintain a reliable inventory of clean data, ready when needed. Without it, organizations are flying blind.
Helpful resources:
Ensuring Clean Recovery Points in a World of Sophisticated & Evolving Ransomware
Why expert scans on backup data are necessary to continuously prove recoverability
ONTAP Autonomous Ransomware Protection (NetApp)
Behavior-based detection of ransomware in production data
Want to Go Deeper?
If you missed the roundtable but would like to continue the conversation, we’re happy to connect with you one-on-one.
Let’s ensure your organization is prepared to recover—before an attack puts it to the test. Contact – Elastio Software
About the Hosts
This event brought together experts across cloud, data infrastructure, and cyber recovery:
- Sheltered Harbor: The financial sector’s nonprofit standard-bearer for recovery readiness
- Elastio: The ransomware recovery assurance platform validating backup and recovery data integrity
- AWS: The cloud backbone supporting secure, scalable cyber resilience architectures
- NetApp: The intelligent data infrastructure provider with built-in ransomware protection
