Leaders Discuss Cyber Resilience, Recovery and Sovereignty at CIO ThreatScape

by Rick Martire, GM & Director - Sovereign Services Business Unit, Rackspace Technology and Simon Bennett, CTO (EMEA), Rackspace Technology

Threatscape-Post-event
A red image with text "Subscribe to the Rackspace Insights Newsletter" with a "Subscribe now" button. A mail icon is positioned to the right of the text.

ThreatScape Manchester highlights why trusted recovery, control and proven plans now define cyber resilience in modern threat environments.

Leaders gathered at CIO ThreatScape Manchester on March 19 to confront a hard truth: in today’s threat landscape, the real test is how confidently and quickly you can recover.

A central theme throughout the discussions was the growing urgency of having a clear, tested and controllable recovery plan you can rely on under pressure.

“Attackers are becoming much more sophisticated,” said Simon Bennett, CTO EMEA for Rackspace Technology, in his keynote presentation. “We’re now dealing with state-sponsored actors.”

In many cases, attackers no longer act quickly and noisily. Instead, they remain undetected for months, learning systems, mapping dependencies and identifying how to maximize disruption. This can include compromising identity systems, infrastructure access and even physical controls.

Crucially, recovery itself is now a target. “Cyberattacks are increasingly targeting recovery platforms and backups for infiltration, deletion or corruption,” Bennett added.

“You might find your only good backup is six months old,” said Bennett. “The regulator will have a field day with that, and your customers will leave you in droves. It’s essential to know that what you’re backing up is safe, secure and not compromised,” Bennett said.

This has shifted the conversation from simply having backups to trusting them and knowing exactly when data was last clean.

AI challenges defence and recovery models

During a roundtable, leaders from central government, legal, healthcare, retail and infrastructure shared how they are navigating this evolving landscape.

The conversation reflected several realities:

  • AI-driven and increasingly autonomous attacks are accelerating beyond traditional defence and response models
  • Recovery has become a governance, control and accountability issue, not just an operational capability
  • Recovery paths are now a primary target, requiring new thinking from CIOs and CISOs

While many organisations regularly test critical services and embed security by design, confidence in recovery remains uneven. As one participant noted, “There are always unknown unknowns,” reflecting a shared concern across the group.

Leaders agreed that a defined and achievable recovery plan is now essential, but more importantly, it must be operationally proven to hold up under real-world conditions.

One leader described building a seven-day recovery plan, while another focused on rapid response to reduce the public impact of an attack. Many highlighted the importance of clearly defining MVO and continuity strategies but acknowledged that confidence in execution under pressure remains a challenge.

Control, visibility and trust in recovery

A recurring concern was control over where and how recovery takes place.

Leaders emphasized the importance of understanding:

  • Where data will be restored
  • Who has access during recovery
  • Whether the recovery environment is isolated and protected
  • How quickly decisions can be made under pressure

Equally critical is data integrity and timing.

Rob Egley, Regional Vice President Sales for Rubrik, said a significant challenge is knowing the point in time to recover to once data has been compromised or deleted. “The implications for revenues and services are massive.”

This reinforces the need to move beyond having backups to trusting their integrity and provenance.

What to consider when working with recovery partners

Given the complexity of modern environments, most organizations rely on a combination of cloud providers, software vendors and service partners to support recovery.

Leaders discussed several practical considerations:

  • How clearly providers explain recovery processes and limitations
  • How quickly they respond to security or risk-related questions
  • Whether recovery environments are sufficiently isolated from production risks
  • How often are recovery capabilities tested in realistic scenarios
  • How responsibilities are shared and understood during a live incident

Rick Martire, General Manager, Sovereign Services at Rackspace UK, observed: “When you give your SLA to your SaaS provider, you’re trusting they will have done their part. But that’s not always the case.”

Rather than assuming coverage, organizations are increasingly validating these assumptions as part of resilience planning.

From backup to business confidence

The overarching takeaway from ThreatScape Manchester was clear: recovery is central to cyber resilience.

The discussion also explored how sovereign and isolated cloud models can support recovery strategies, particularly for regulated industries. Rackspace shared details of its UK Sovereign Cyber Recovery Cloud, designed to help organizations recover critical systems rapidly following a cyberattack. The approach combines isolated UK-based infrastructure with always-on security operations, helping you restore services in a controlled and trusted environment.

Martire pointed to real-world resilience as a key differentiator. “When Cloudflare and AWS had outages in November 2025, our sovereign cloud was not affected at all,” he said. “We’ve got many NHS, Local Government and manufacturing clients in sovereign cloud today. All of those were unaffected. We do simulations of undersea cables being cut to make sure it can stand alone.”

Organizations are asking more focused questions:

  • Can we trust our backups?
  • Do we know when they were last safe?
  • Can we recover quickly, with control, and to the right environment?
  • Have we proven this under real conditions?

The discussions at ThreatScape Manchester reinforced a clear shift: Recovery is now the core measure of resilience. Plans must be clearly defined, rigorously tested and proven under pressure to be effective. Resilience is determined by how quickly, completely and with how much control systems can be restored after disruption. Rackspace Technology works with organizations across the UK to design, test and operationalize recovery capabilities that meet those outcomes.

 

Strengthen your recovery strategy with sovereign control and rapid recovery timelines. Learn how Rackspace and Rubrik are helping UK organizations recover within hours in a secure, isolated environment.

Learn more →

 

Tags: