It is said that, in the face of AI-powered cyber-attacks, CIOs and CISOs should no longer be as concerned about cybersecurity than about business resiliency.
Of course, this is predicated on organizations already putting in place the necessary prevention and protection needed to keep as many cyber-attacks and vulnerabilities away as possible.
However, this is now an accepted cyber-truth: that it is not a matter of if a security breach happens, but when it happens. Therefore, how fast an organization recovers and returns to normal business becomes more important than enhancing or adding more cybersecurity tools, solutions and strategies.
Another important matter CIOs and CISOs need to pay attention to is futureproofing their organizations’ technology investments to ensure business continuity.
CybersecAsia recently discussed this subject of business resiliency in 2025 and beyond with Mohan Veloo, Field CTO, APCJ, F5.
As organizations operate more and more in an AI-driven hybrid cloud environment, what are some key issues CIOs and CISOs need to address immediately?
Mohan: To stay resilient in an AI-powered, hybrid cloud landscape, CIOs and CISOs must tackle the following key concerns:
- Data security, compliance and privacy– APCJ is a patchwork of evolving data protection regulations – such as Singapore’s PDPA, Thailand’s PDPA, Japan’s APPI and China’s PIPL – each with distinct requirements for data handling and cross-border transfers. AI relies on large volumes of data, making data governance paramount. Leaders should establish clear guidelines on data classification, encryption and retention. They must also stay abreast of evolving regulations to ensure cross-border data transfers and processing comply with regional requirements. Strong governance frameworks help organizations maintain trust and avoid hefty penalties.
- Security across disparate environments – As organizations distribute AI workloads across on-premise, private and public clouds, the attack surface grows. CIOs and CISOs must ensure consistent security policies, advanced threat detection, and real-time monitoring across all environments. Implementing a zero-trust security model – where identify and device verifications are continually enforced – can help mitigate risks
- Scalability and performance management – AI workloads can be resource intensive and unpredictable. Hybrid cloud strategies need robust workload orchestration, autoscaling capabilities, intelligent resource allocation. Asia’s diverse digital infrastructure can complicate deployment. Leaders should evaluate their infrastructure to ensure it can handle rapid increases in data processing without compromising on security or performance
- Talent and skills gap– AI-driven hybrid cloud environments demand specialized expertise—combining data science with cloud architecture and security know-how. Retaining and upskilling talent is vital to building and maintaining secure, high-performing AI systems. Leaders can also leverage managed services and automation to reduce operational complexity. Another consideration are vendors that specialize in hybrid security and delivery deployments.
- Responsible and ethical AI practices– With AI increasingly intertwined with critical business processes, CIOs and CISOs must address issues around AI bias, transparency, and accountability. They should establish policies to oversee model development, testing, and deployment—ensuring that automated decisions are explainable and adhere to ethical guidelines.
To ensure business resiliency, what role does data management play? Why are data observability and data governance important?
Mohan: In today’s rapidly evolving digital landscape, business resiliency depends on how well organizations manage, monitor, and govern their data. Data underpins every AI-driven insight and automated process. Effective data management ensures that information is accurate, consistent, and readily available—allowing organizations to make swift, well-informed decisions during crises or rapid market changes. When systems face disruptions (e.g., supply chain interruptions, network failures), proper data backup, disaster recovery, and robust data architectures can help maintain continuity and reduce downtime.
As businesses navigate diverse regulatory environments and evolving market demands across Asia Pacific, comprehensive data management practices enable quick reconfiguration of workflows to meet new requirements. Scalable data strategies—such as hybrid cloud storage or distributed data lakes—give organizations the flexibility to expand or shift operations rapidly without compromising performance.
How does data residency impact an organization’s business infrastructure?
Mohan: Data residency laws, which require businesses to store or process data in specific places, have a big impact on how companies design their infrastructure—especially in Asia Pacific, where regulations vary widely between countries.
To comply, many organizations end up deploying multiple data centers or using local cloud providers. While this approach can help avoid legal troubles and ensure access to local markets, it also brings extra complexity and cost. For instance, juggling parallel systems in different locations means more capital outlays and higher operating expenses, plus the need for specialized teams to handle issues like network latency and security measures.
From a technical perspective, organizations have to account for each region’s distinct requirements around bandwidth and data transfer. They also need to keep a close eye on data movement and lineage, ensuring encryption, access controls, and monitoring are consistently applied across the board—even with scattered infrastructure. This often dictates which vendors they can work with and influences the technology choices they make, since providers must offer in-region hosting that meets local standards. In some cases, regulations in one country might restrict certain cross-border transfers or impose extra audits, so careful oversight and reporting are key.
On the upside, having data distributed across multiple regions can bolster a company’s resilience. If there’s a local outage or disruption in one market, data stored elsewhere can help maintain operations. It also inspires confidence in local customers, who appreciate knowing their data is handled in accordance with their country’s laws. In this sense, while data residency rules can feel like a hurdle, they can also give organizations a competitive edge—helping them comply with local requirements and ultimately fostering stronger trust and long-term growth in the region.
In the longer term, what should Asia Pacific organizations invest in in 2025 to futureproof their technology investments?
Mohan: In 2025, it’s crucial for Asia Pacific organizations to futureproof their AI strategies by doubling down on a few key areas. First and foremost, they’ll need infrastructure that can keep pace with increasingly large and complex AI models—think hybrid or multi-cloud setups that can scale compute and storage on demand.
At the same time, data governance and observability frameworks will become non-negotiable, as companies grapple with a patchwork of evolving regional regulations. Having a clear view of where data comes from, how it’s processed, and who has access is not only a security imperative but also a cornerstone of maintaining trust with customers and stakeholders.
Beyond the technical foundations, responsible AI and ethical considerations must take center stage. This means putting real effort into detecting and minimizing model bias, making AI-driven decisions explainable, and following clear ethical guidelines. Such transparency helps businesses stay compliant while also strengthening their reputation in the market.
Meanwhile, the shortage of skilled AI professionals across Asia Pacific calls for ongoing talent development—whether through upskilling current teams, forging partnerships with tech providers, or investing in AI-focused education initiatives.
Rounding out these efforts, organizations should keep an eye on edge computing for low-latency applications and zero-trust security models to protect sensitive AI workloads from emerging threats.
By taking these steps, companies can ensure their AI investments remain robust, flexible, and primed to deliver significant value in a fast-changing digital landscape.
