Why identity recovery is now central to cyber resilience

Ransomware has forever changed the way security leaders think about risk. Verizon’s 2025 Data Breach Investigations Report found that ransomware was involved in 44% of all breaches. For small and medium-sized enterprises, the problem is greater; ransomware is involved in nearly nine out of 10 breaches, compared to playing a role in 39% of incidents among large organizations.

Many of these attacks begin by breaching privileged accounts and identity infrastructure, targeting identities for access and leverage. Compromising identity infrastructure such as Active Directory allows adversaries to escalate privileges and lock legitimate users out of their systems within minutes.

Even if applications and data are restored, a compromised identity layer can leave an organization locked out of its environment for long periods of time, stalling recovery efforts across the company.

This is why identity recovery is now a key ingredient in cyber resilience. Identity systems are deeply integrated into authentication and access mechanisms. When they fail, recovery becomes more difficult. Security leaders know that recovering identities is about restoring systems and restoring access securely, so attackers can’t get back in.

It’s a board-level problem

Boards of directors and regulators are now treating resilience as a core part of corporate risk management. Cyber insurance providers require evidence of tested recovery plans, immutable backups, and defined recovery time and recovery point objectives before underwriting. Regulatory frameworks such as the General Data Protection Regulation and the California Consumer Privacy Act impose strict penalties for non-operation and disclosure of data.

As a result, organizations are moving beyond traditional maintenance strategies toward recovery engineering. Recovery becomes a designed capability rather than an emergency response. It relies on automation, orchestration, and repeatable processes that reduce reliance on manual intervention during high-stress events. It also aligns technology recovery with business priorities, helping CISOs communicate resilience in terms that executives and boards understand.

To minimize downtime and quickly regain control after a ransomware or identity-based attack, CISOs should prioritize these capabilities:

  • Identity resilience: Use immutable backups and automated recovery for identity systems such as Active Directory.
  • Zero-trust architecture: Use least-privilege access and continuous authentication to reduce the blast radius of an attack.
  • Automated orchestration: Limit the steps involved in the recovery workflow so that teams can respond quickly under pressure.
  • Regulatory readiness: Make audit-ready reporting and compliance assurance a part of resilience planning, not an afterthought.
  • AI-ready protection: Account for the risks presented by autonomous agents and AI-driven operations by securing data environments and allowing rapid reversal of malicious actions.
  • Make a single backup: Treat the backup site as a separate backup site that can act as a small active recovery site if needed.

Cognizant and Rubrik help organizations improve cyber resilience with a unified, service-based model that integrates data protection, identity resilience, and business continuity.

Rubrik provides capabilities such as immutable storage, rapid ransomware detection, sensitive data recovery, and identity integrity, including support for restoring Active Directory locations. Cognizant brings orchestration and domain expertise to align recovery actions with business outcomes, ensuring recovery efforts support operational continuity and compliance requirements.

Learn more about how Cognizant and Rubrik are helping organizations strengthen business resilience. If you would like more information or have specific questions, send an email to: BusinessResilience@cognizant.com

About Sriramkumar Kumaresan

Sriram Kumaresan leads the Global Cloud, Infrastructure and Security practice at Cognizant, overseeing approximately 35,000 professionals. With over 25 years of experience, he excels in building and growing businesses from one to the next. Sriram is responsible for driving market share (strategy, GTM and growth) and mindshare (offer, partner strategy and market positioning) through strategic approaches, customer focus and deep expertise for Cognizant’s Cloud, Infrastructure and Security business. In addition to his professional achievements, he is also a mentor and advocate for diversity in technology, aiming to inspire future IT leaders.
