In 2025, Chief Information Security Officers (CISOs) and CIOs across Asia are grappling with an increasingly sophisticated ransomware threat landscape. The 2025 Veeam Ransomware Trends report reveals a concerning shift towards smaller, opportunistic groups that exploit vulnerabilities in larger enterprises, making rapid detection and response essential.

FutureCISO spoke to Ben Young, Veeam's CTO for APAC to discuss how AI is impacting the cyber threat landscape, most notably in the areas of ransomware and phishing, and what CISO's must revisit as part of their resilience strategy.

Questions covered:

1. Give us your summary of the 2025 Ransomware Trends & Proactive Strategies report.

2. How are ransomware groups adapting to law enforcement pressure, and what does this mean for mid to large enterprises in Asia?

3. How is the shift toward data exfiltration (vs. encryption-only attacks) impacting our incident response plans?

4. Are we prepared for the legal and compliance risks if we pay a ransom, given new regional/international regulations?

5. Do our backup and recovery strategies meet the "3-2-1-1-0" rule? Is this strategy still relevant in the era of hybrid data, AI everywhere, and digital-native workforces?

6. Are cloud-based backups and managed services a viable strategy for improving resilience?

7. How can organisations reduce dwell time for attackers between infiltration and detection?

8. Are current employee training program robust enough to prevent phishing/social engineering breaches?

9. Are IT and security teams aligned to ensure rapid response during an attack?

10. Should CISOs consider third-party incident response partnerships to reduce ransom payments?

11. How will rising cybersecurity budgets be allocated between prevention, detection, and recovery? Any tips on how CISOs can get the budget they need for the organisation?