Latest news with #cyberresilience
Yahoo
25-06-2025
- Business
- Yahoo
Commvault Systems's Q1 Earnings Call: Our Top 5 Analyst Questions
Commvault's first quarter results reflected solid execution, with management attributing growth to strong demand for cyber resilience solutions and continued traction in cloud-based offerings. CEO Sanjay Mirchandani pointed to rapid adoption of new products like Active Directory forest-level recovery and Cloud Rewind, as well as expanding relationships with large enterprise customers across financial services and regulated industries. The company cited its ability to help organizations address complex compliance needs and recover quickly from cyberattacks as key drivers of new business and customer expansion. Is now the time to buy CVLT? Find out in our full research report (it's free). Revenue: $275 million vs analyst estimates of $262.4 million (23.2% year-on-year growth, 4.8% beat) Adjusted EPS: $1.03 vs analyst estimates of $0.93 (11% beat) Adjusted Operating Income: $59.1 million vs analyst estimates of $53.97 million (21.5% margin, 9.5% beat) Revenue Guidance for Q2 CY2025 is $268 million at the midpoint, above analyst estimates of $263.2 million Operating Margin: 9.7%, up from 8.1% in the same quarter last year Annual Recurring Revenue: $930.1 million at quarter end, up 20.8% year on year Billings: $313 million at quarter end, up 28% year on year Market Capitalization: $7.6 billion While we enjoy listening to the management's commentary, our favorite part of earnings calls are the analyst questions. Those are unscripted and can often highlight topics that management teams would rather avoid or topics where the answer is complicated. Here is what has caught our attention. Eric Heath (KeyBanc Capital Markets) asked about macroeconomic impacts on customer buying and sales cycles. CEO Sanjay Mirchandani responded that cyber resilience remains a top priority for clients, with no significant change in sales cycle length or close rates from the previous quarter. Aaron Rakers (Wells Fargo) inquired about the integration and momentum from the Commvault acquisition. CFO Jen DiRico indicated that the business is fully integrated and contributes unique capabilities, especially in handling large cloud datasets, though specific numbers were not disclosed. Param Singh (Oppenheimer) questioned competitive dynamics following industry consolidation and how Commvault differentiates itself. Mirchandani emphasized the company's hybrid approach and focus on resilience, noting strong double-digit growth as evidence of market share gains. Rudy Kessinger (DA Davidson) sought clarity on ARR seasonality and productivity assumptions in guidance. DiRico explained that net new ARR is expected to follow typical quarterly patterns, with guidance reflecting prudent macro assumptions but confidence in the durability of the business model. James Fish (Piper Sandler) asked about international growth and the durability of regulatory-driven demand. Management stated that compliance-driven projects are ongoing and not a one-time event, with balanced growth expected across regions. In the coming quarters, the StockStory team will be monitoring (1) the pace of multi-product adoption among existing customers, (2) ongoing growth in SaaS ARR as Commvault expands its platform, and (3) the company's ability to leverage technology and reseller partnerships to drive new wins. The evolution of regulatory requirements and customer needs in data security will also be important factors to watch. Commvault Systems currently trades at $173.38, up from $165.72 just before the earnings. At this price, is it a buy or sell? Find out in our full research report (it's free). The market surged in 2024 and reached record highs after Donald Trump's presidential victory in November, but questions about new economic policies are adding much uncertainty for 2025. While the crowd speculates what might happen next, we're homing in on the companies that can succeed regardless of the political or macroeconomic environment. Put yourself in the driver's seat and build a durable portfolio by checking out our Top 5 Strong Momentum Stocks for this week. This is a curated list of our High Quality stocks that have generated a market-beating return of 183% over the last five years (as of March 31st 2025). Stocks that made our list in 2020 include now familiar names such as Nvidia (+1,545% between March 2020 and March 2025) as well as under-the-radar businesses like the once-micro-cap company Kadant (+351% five-year return). Find your next big winner with StockStory today. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Khaleej Times
25-06-2025
- Business
- Khaleej Times
Dubai is shaping a cyber resilient society, says top official
Dubai is not just building a secure digital environment, but shaping cyber resilience society on the anticipated threats with agility that recover with speed, said Abdullah Al Suwaidi, director of Cybersecurity Planning and Performance Department, Dubai Electronic Security Centre. Speaking during the opening keynote at the FutureSec 2025 conference organised by Khaleej Times, he said the emirate looks to 'transform every challenge into an opportunity". He added that challenges have never prevented Dubai from pursuing its ambitions, and they will never. 'Let us continue to innovate, collaborate and fortify so that Dubai remains a global leader in cyber security and a beacon of safety and progress in this connected world,' Al Suwaidi said during the conference, which was attended by hundreds of cybersecurity professionals from the public and private sector. He added that the goal is to keep the city's digital infrastructure resilient, forward-thinking and secure. 'But resilience isn't built on technology and regulation alone. It depends on people — skilled, prepared and empowered individuals. That's why our Cyber Security Centre and the Dubai Cyber Innovation Park are at the heart of our strategy. 'We work side-by-side with government entities to grow national talents, equipping teams with the expertise they need to defend against today's threats,' said the director of the Cybersecurity Planning and Performance Department at Dubai Electronic Security Centre. Founded in 2014, the centre was established to ensure that Dubai becomes a leader in cyber security and the protection of information from external cyber threats. The centre reinforces the technological progress and smart transformation that has been adopted and engrained in the foundations of the emirate, by establishing Dubai as a global leader in innovation, safety and security. Abdullah Al Suwaidi added that the centre took another bold step forward by releasing its Post-Quantum Cryptography Guidelines, ensuring that the city is not just ready for the current threats, but also for those that will emerge in the quantum era. 'We also conduct regular audits every government entity and it is assessed against ISR (Information Security Regulation) standards to make sure that that multi-layer defences are not just in place, but are working as intended,' he said at the one-day conference. Earlier, Ted Kemp, chief content officer of Khaleej Times, delivered the welcome address, where he urged the cybersecurity industry and media to work together. He added that the lines between human and machine adversary are blurring, and the consequences for organisations alike are profound. 'The profile of the typical cyber assailant has shifted far beyond the basement-bound teenage prodigy that many out there still imagine. In fact, it's even gone beyond that of the determined, geographically remote criminal syndicate. We now face an era of AI versus AI, where your own best efforts will have to evolve with the same speed as new intelligence-driven angles of attack,' he said. He urged media and security professionals to keep working together. 'Our shared mission is to inform, protect and empower so let's make today's FutureSec summit a platform for cooperation, innovation and renewed commitment to securing that future that belongs to all of us,' he added
Forbes
24-06-2025
- Business
- Forbes
DORA's Asian Fintech Reckoning Begins
The EU's DORA regulations are proving to be even more costly than expected. When the European Union's Digital Operational Resilience Act (DORA) became fully applicable on 17 January 2025, the measure simultaneously closed the last loopholes of regulatory arbitrage and opened an expensive new era of 'operational-excellence or bust.' The law blankets more than 22,000 banks, insurers, exchanges, asset managers and ICT vendors operating in the bloc, transforming cyber-resilience from a box-tick into a board-level KPI overnight. Official EU documents show the European Systemic Risk Board calling those 22,000 firms a potential single point of systemic failure—hence the bloc's hard line. Sticker Shock: Budgets Up 10× as the Clock Runs Down A McKinsey survey of European financial institutions found that 'typical' implementation budgets of €5-15 million are ballooning to five-to-ten times that range. One universal bank now projects nearly €100 million of end-to-end spend. Seven in ten respondents expect permanently higher run-rates once DORA goes live, yet barely one-third are confident they can make the deadline. Board-room risk is rising in parallel. Under DORA, individual executives face personal fines of up to €1 million for serious compliance failures, according to a PwC legal brief. That prospect is forcing Asian fintechs with European aspirations to revisit their capital-allocation models—and quickly. Asia's Exposure Is Deeper Than It Looks Some of Asia's biggest digital-payments players already sit squarely in DORA's blast radius: No Safety Net from Home Regulators Asian supervisors have issued high-level resilience frameworks—MAS's Technology Risk Management Guidelines in Singapore, and the HKMA's Operational Resilience (OR-2) module in Hong Kong, but neither provides the granular technical standards that European regulators demand. That leaves Asian fintechs to build parallel, EU-specific compliance stacks or risk losing euro-zone clients that now must evidence resilience across their entire supply chains. Critical-Third-Party Roulette The European Supervisory Authorities will publish the first list of Critical Third-Party Providers (CTPPs) by July 2025, triggering 12-month localisation, audit and reporting duties for whomever ends up on it. Cloud-native payments processors, API aggregators and even super-apps could find themselves thrust into a quasi-SIFI regime overnight—complete with EU on-site inspections. The New Arms Race: RegTech at Scale RegTech vendors are licking their chops. Juniper Research expects global RegTech spend to hit US $207 billion by 2028, more than double 2023 levels, with DORA a primary catalyst Juniper. Competitive fintechs are already: Integrated suites can shave up to 40 percent off total compliance costs versus siloed tools, according to McKinsey's scenario analysis—an efficiency gap large enough to decide M&A valuations. Winners, Losers and the M&A Clock The cost curve is already sorting leaders from laggards. With only 31 percent of surveyed organisations confident they would be DORA-ready on time, early-compliant fintechs are marketing resilience as a premium service. Institutional clients and private-equity investors are rewarding that posture with better terms and higher multiples. Conversely, fintechs unable to fund full-stack compliance are drifting into the acquisition cross-hairs of larger platforms seeking scale economies. Expect an uptick in Asia-EU tie-ups as mid-tier firms trade equity for regulatory cover. Four Strategic Plays for Asian Boards Why the Pain Is Worth the Prize DORA is the template for global convergence. The UK's Operational Resilience regime has been in force since 31 March 2022 with a final remediation deadline of 2025 FCA. US regulators are crafting parallel standards, and Asia-Pacific watchdogs—from MAS to Japan's FSA—are already cross-referencing DORA terminology in consultation papers. Asian fintechs that clear Europe's bar today will find tomorrow's rule-books far less daunting. Bottom line: Operational resilience has become the new passport to the world's deepest capital pools and most demanding clients. Asian fintechs that invest early—absorbing the cost curve shock and mastering DORA's playbook—won't just stay in the European game; they'll define the next phase of global fintech leadership.
Forbes
16-06-2025
- Business
- Forbes
Why Measuring Maturity Is Critical To Cyber Resiliency
James Blake is the Vice President of Cyber Resiliency at Cohesity and has over 30 years of experience as a CISO and in incident response. getty I often say that cyber resilience isn't something you can buy—it's an emergent property, the result of an organization taking the appropriate preparatory and operational steps to withstand a cyberattack. I once worked for a CEO whose boilerplate answer to any problem was to back a proverbial truck full of money into it—dumping dollar bills until the issue disappeared. He was used to traditional business continuity and disaster recovery scenarios, and he grew increasingly frustrated when "those cyber guys" couldn't give him a clear answer about how long systems would be down. This CEO was used to disruptions with obvious root causes: natural disaster, equipment failure, power loss or misconfiguration. Recovery in those cases was largely predictable—restoring operations en masse in the same or an alternate environment. You just needed to understand interdependencies and calculate speed—of network, storage and backup. Recovery time objectives (RTOs) and recovery point objectives (RPOs) could be measured and tested. But cyber incidents—especially large-scale destructive ones like ransomware or wiper attacks—are different. Attackers choose from hundreds of techniques across MITRE ATT&CK's 14 tactics. They disable end-point controls using vulnerable device drivers, hide in plain sight with legitimate IT tools, and rapidly weaponize and exploit vulnerabilities through Ransomware-as-a-Service platforms—faster than most organizations can patch. Did the attacker pivot through one machine or 50? If each machine could be a beachhead for reattack, investigation and remediation timelines vary wildly. Recovery could involve patching, configuration rollbacks, new controls, rotating credentials—all of which take time. How much time? Unfortunately, the adversary is often the one in control of that timeline. This lack of definitive timelines makes business leaders uneasy, but it's the reality we live in. Ironically, I've found that organizations with the most rigid RTOs are often the least prepared. They recover too quickly, skip remediation and are just as quickly reinfected or reattacked. Once we clarified the difference between business continuity, disaster recovery and secure cyber recovery, the CEO began to see that the headcount and spending were only part of the solution. What worked better? Planning. Cross-functional collaboration. A phased, pragmatic improvement plan. In short, maturity. Achieving cyber resilience isn't just about deploying the latest-and-greatest technology. It's about operationalizing that technology—building the appropriate workflows, processes and muscle memory so everyone knows their role when the inevitable attack happens. If we want to shorten those unpredictable recovery timelines, resiliency is our best tool. Think of cyber resilience as a chain—made up of technology, people and process. Each link matters. As the saying goes, a chain is only as strong as its weakest link. Any weak point—alert monitoring, threat hunting, vulnerability management, backup protection, digital forensics, incident response, logging, authentication, tabletop exercises, control tuning and threat intelligence—can degrade overall resilience. Yet organizations often launch massive projects to fix just one aspect, while ignoring another that is a dumpster fire. Modest improvements to the weakest link usually yield more value than myopic focus on perfecting a single, siloed initiative. Recent headlines show that organizations with massive cybersecurity budgets still suffer significant impacts from ransomware damage. That should be a wake-up call: It's not just about increasing spending and hiring more people. It's about applying those resources where they will measurably increase cyber resilience. The only way to do that? Step back, measure the relative maturity of each capability in your cyber resilience chain, and keep measuring as you evolve. That is how you avoid discovering—too late—that the chain was always going to break at the weakest link. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
06-06-2025
- Business
- Yahoo
Jen Easterly to Keynote 2025 Hybrid Identity Protection Conference
Easterly joins identity-first defenders at the award-winning conference, October 7–9 in Charleston, SC HOBOKEN, N.J., June 6, 2025 /PRNewswire/ -- Semperis, a leader in AI-powered identity security and cyber resilience, today announced that Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), will keynote the Hybrid Identity Protection Conference (HIP Conf), taking place October 7-9 in Charleston, SC. A globally recognized leader in cybersecurity and national defense, Easterly led CISA through a transformative period—scaling it into a $3 billion agency with over 10,000 personnel and establishing it as a cornerstone of U.S. cyber defense. A combat veteran, former Morgan Stanley executive, and cybersecurity pioneer, Easterly brings decades of experience at the intersection of security, technology, and resilience. "Defenders working in hybrid identity environments set the standard for resilience in a world where adversaries move fast and trust is everything," said Easterly. "We are in an era where adversaries exploit every weakness and identity is the first and last line of defense. I am looking forward to joining this community at the upcoming HIP Conf." HIP Conf is the premier global event for identity-first defenders, uniquely focused on securing hybrid and multi-cloud environments. This year's Semperis' conference will deliver the latest in identity threat detection and response (ITDR); Active Directory, Entra ID, and Okta security; and building operational resilience in a rapidly evolving threat landscape. The 2025 program features a robust lineup of technical sessions and strategic insights from dozens of leaders across industry, government, and academia. Key sessions include: What's New, What's Next? Active Directory Roadmap – Linda Taylor, Principal Software Engineer, Microsoft A Quarter Century, a Quarter Million Breaches: AD Security & Incident Response in 2025 – Michael Van Horenbeeck, CEO, The Collective The State of Identity Security 2026 – Henrique Teixeira, SVP, Strategy, Saviynt, and David Lee, Field CTO, Saviynt Beyond Backups: Practical Steps to Build Operational Resilience – Ben Cauwel, Head of Cyber Security, Capgemini From Hybrid to Full Cloud: Is It Right for You? – Joe Kaplan, Security Delivery Associate Director, Accenture Demystifying Managed Service Accounts: Best Practices & Security Measures to Reduce Risk – Jorge De Almeida Pinto, Senior Incident Response Lead, Semperis Additional speakers and sessions to be announced. Longtime HIP advocate Alex Weinert, Chief Product Officer at Semperis and former VP of Identity Security at Microsoft, returns to the stage for his third consecutive year. "Identity is the new security perimeter, and as organizations modernize their infrastructure, they need to stay ahead of increasingly complex identity-based attacks," said Weinert. "HIP continues to be a go-to event for real-world strategies and community connections. We're proud to be leading this important global conversation." Unlike broader cybersecurity conferences, HIP Conf is purpose-built for practitioners managing and defending hybrid identity environments. The event fosters long-term collaboration, community, and real-world knowledge sharing that continues well beyond the conference. For more information and to register for HIP Conf 25, visit: About the Hybrid Identity Protection Conference Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. With radical transformation comes new business risks. The Hybrid Identity Protection Conference (HIP Conf) is the premier educational forum for identity-centric practitioners. Whatever the industry sector or job function, HIP strives to provide its community with the insights and relationships needed to enable and protect today's digitally driven organizations. Learn more about HIP Conf 25 via our social media feeds: X / LinkedIn / Facebook About Semperis Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects more than 100 million identities from cyberattacks, data breaches and operational errors. As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. Learn more: Follow us: Blog / LinkedIn / X / Facebook / YouTube Media Contact:Bill KeelerSenior Director, PR & Commsbillk@ View original content to download multimedia: SOURCE Semperis Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
