The rapid expansion of artificial intelligence and digital systems is transforming cybersecurity from a technical concern into a board-level business priority, according to Mandy Andress, chief information security officer at Elastic.

Speaking at the ET NOW Global Business Summit at a session titled ‘The Resilience Blueprint: Securing Global Innovation in the Age of Infinite Data and AI Disruption,” Andress said three forces are reshaping the global risk landscape: digitisation of everyday life, exponential data growth and the accelerating adoption of AI.

She noted that commercial and consumer behaviour has shifted almost entirely to digital platforms, from payments to enterprise operations. As per Andress, that shift has produced unprecedented volumes of data. To illustrate the scale, she cited an estimate that downloading all internet data generated in 2024 alone would take 181 million years.

Importantly, she added, most of that volume does not represent entirely new information. Roughly 90% consists of replicated or reformatted versions of existing data, circulating across platforms and systems.

This data surge is the foundation on which AI systems operate. While much public attention focuses on chips and computing infrastructure, Andress emphasised that AI’s true engine is data. “What makes AI operate is data,” she said. “Training models, making decisions, analysing logic all of that is driven by massive amounts of data.”

As AI systems become more autonomous, Andress said, the risks associated with them expand as well. “Automation is now essential for managing digital complexity at scale, but AI agents can act in unintended ways if guardrails are poorly defined,” she said.

“If an AI agent starts doing something you didn’t intend, the impact can be the same as a malicious insider,” Andress added.

Because of this, Andress argued that resilience must be embedded into overall business strategy. Cybersecurity, she said, can no longer be treated as merely an operational or IT function.

“Today, it’s an existential business risk,” she said, calling on boards and senior leadership teams to treat cyber preparedness as central to corporate survival.

She defined resilience as the ability to recover quickly from disruption, whether caused by ransomware, data breaches or system intrusions. “Recovery, however, requires preparation well before an incident occurs,” she said.

She also encouraged organisations to conduct regular scenario planning exercises that simulate real cyber crises. These exercises should include not only technical teams but also executives, legal counsel and communications leaders to ensure coordinated responses, Andress argued.

“If resilience is the ability to recover quickly, you need to know how to recover,” she said.

Looking ahead, Andress encouraged companies to move beyond resilience towards what she described as “anti-fragility”-the capacity to grow stronger in the face of disruption. “Anti-fragility is getting stronger in the face of chaos,” she concluded.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!