IT security provider Commvault Romania: Large companies are increasingly demanding our services due to the NIS 2 regulations

Commvault Global Vice President: It’s time for resilience to be more than just a response to crisis, but a permanent business strategy

• Country Manager Commvault România: Resilience is a priority in business, not just a technical term
• The first SHIFT Bucharest event brought together 180 partners, customers, and cybersecurity specialists
• Andi Mihai, DNSC Advisor: Many organizations lack clarity in the event of incidents

Commvault, a leading provider of cyber resilience and data protection solutions for the hybrid cloud, is counting on accelerated customer growth this year in the context of new European cybersecurity regulations (NIS 2), which will affect over 10,000 organizations at the local level, said Marius Miclescu, Country Manager Commvault Romania

The company’s local management estimates an accelerated increase in demand for data protection and post-incident recovery solutions

“2025 is the year when resilience has become a strategic priority for business, not just a technical term. By the end of the year, we aim to support as many organizations in Romania as possible in developing realistic plans to resume operations, based on continuous testing and validated restoration capabilities. We are no longer just talking about backup, but about the rapid and secure resumption of activity after an attack,” said Marius Miclescu, Country Manager, Commvault România.

Commvault enables customers to intelligently manage data with solutions that store, protect, optimize, and utilize information. Commvault software automates IT tasks and leverages data so that customers can gain valuable business insights.

Commvault Romania was launched in 2023 and has customers in telecommunications, energy, and the public sector.

The company launched its operations in Romania in the fall of 2023, with global management making this decision in light of the cyberattacks that have multiplied in recent years in Romania, but also as a result of the European NIS 2 cybersecurity directive, which will bring over 10,000 companies under regulation.

The cybersecurity threat level in the EU between July 2023 and June 2024 was assessed as substantial, with over 10,000 reported incidents, according to the European Union Agency for Cybersecurity (ENISA).The most prevalent threats were DoS/DDoS/RDoS attacks (41.1%), followed by ransomware (25.79%) and data-related incidents (19.01%).

“Requests from large organizations have increased significantly over the past year amid intensified ransomware attacks and compliance obligations brought about by the NIS 2 (Network and Information Security Directive) and DORA (The Digital Operational Resilience Act) directives. These two directives will have a major impact on the local cybersecurity market, considering that the main challenges in this field in Romania are the lack of an organizational culture focused on testing, the underestimation of cloud-related risks, and the fragmented approach to security solutions,” added Marius Miclescu,
Commvault Romania’s portfolio includes customers in the telecom, energy, and public sectors.

At the beginning of June, Commvault organized SHIFT, an event held in Bucharest that brought together 180 partners, customers, and cybersecurity specialists. The event featured 20 local and international speakers who presented state-of-the-art solutions for data protection, emerging trends in hybrid infrastructure security, and the role of artificial intelligence in preventing and managing cyber incidents.

‘”t’s time to move beyond the traditional model of operational continuity and adopt the new concept of continuous business. Designed for cloud-first enterprises, this new paradigm of uninterrupted operations and resilience is built on four core pillars: continuous security, continuous readiness, continuous recovery and continuous rebalance. Organisations need to develop these critical capabilities in order to maintain operations and services without significant interruption, even in the event of a cyberattack or another disruptive occurrence. Those that follow these principles can withstand cyberattacks, recover quickly and maintain essential operations, thereby minimising the impact on customers, employees and the business as a whole,” said Fady Richmany, Corporate Vice President, Emerging Markets, EMEA.

“The concept of ‘maximum permissible downtime’ is becoming the new benchmark for operational risk assessment. Organizations need to know exactly how long they can remain inactive without affecting their business. This requires constant testing, isolated recovery copies, and a scalable recovery strategy that delivers resilience and addresses cyber “fragility” challenges. It is about constructing the right strategy with tried-and-tested approaches to meet Survival Time Objective demanded by the business.” said Ravi Baldev Singh, Commvault Senior Director, Systems Engineering, Emerging Markets CEE, CIS, and META.

What cyber resilience means for companies in Romania
Florin Popa, Orange Business Director, spoke about the integrated approach to IT infrastructure so that it can withstand attacks.

“Cyber resilience must be approached in an integrated and unified manner, across the entire infrastructure—from networks and data centers to applications, devices, and cloud services. We operate a complex ecosystem that serves customers in all segments—SMEs, multinational corporations, and the public sector—and the need to maintain a high level of security and operational continuity is more relevant than ever. We are not just talking about technology, but about a unified vision of infrastructure and associated risks,” said Florin Popa, Orange Business Director.

“Cyber resilience is not just about prevention or rapid response. It is a matter of organizational responsibility to customers, partners, employees, and authorities. Unfortunately, many organizations lack clarity regarding roles and responsibilities in the event of an incident. This lack of coordination can lead to operational chaos at critical moments. Furthermore, at the top management level, there is sometimes a lack of deep understanding of the importance of resilience, especially since the benefits are not immediate or tangible. Education, awareness, and real leadership are needed in this area,” declares Andi Mihai, Advisor to the General Director of the National Directorate for Cyber Security (DNSC).

Among the SHIFT speakers were officials from companies such as Orange, Microsoft, PPC, Hitachi Vantara, Smart Control, Data Core Systems, Fsas Technologies, and Brinel, along with Commvault specialists and government officials.