Resolving the chicken and the egg of cyber-security

By Graham Jarvis, Freelance Business and Technology Journalist

  • Wednesday, 1st April 2026, posted by Sophie Milburn

The chicken and the egg paradox applies to many conflicting scenarios in business and in life. For someone who’s just left school or university, it might be the need to have work experience for a particular job opportunity before they’ve had the chance to actually gain invaluable experience in that field. It’s a bit like skipping the birth process of human life: One cannot occur without the other.

The same principles apply to effective and resilient cyber-security, with the egg being effective protection. It is needed to secure a digital option, which is the chicken. However, there is also the need to protect the egg, which could be considered an organisation’s backups – even those that are air-gapped. No matter what an organisation does though, there is still the possibility of some type of breach occurring. This might be due to human factors in the case of data breaches on air-gaps, or through the use of artificial intelligence.

Rest on your laurels?

Does this mean that organisations should rest on their laurels and do nothing? David Trossell, CEO and CTO of Bridgeworks, says they shouldn’t. The best form of cyber-defence is to be proactive, to put precautionary measures in place to forestall any kind of attack – even if one is caused by a disgruntled former employee. “In some organisations, data and operational resilience is a regulatory prerequisite,” he notes, before commenting that, for example, banks must ensure the continuous availability, integrity and security of financial data during cyberattacks, system outages or disasters, with a growing focus on meeting regulatory standards like DORA – the European Union’s Digital Operational Resilience Act.

DORA came into effect on 17th January 2025. Even UK financial firms that operate in the EU must be compliant, and it also applies to their suppliers, such as critical third-party technology providers. Brexit may have occurred 6 years ago, meaning that the UK is not bound by EU law, but that doesn’t mean that firms who wish to operate in the EU don’t have to comply with DORA. They do, and they must also comply with similar UK regulations – most of which are aligned on principles but are distinct in their application.

While there is no specific UK regulation or piece of legislation called DORA, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) – which is part of the Bank of England – have established the UK Operational Resilience Framework (similar to DORA), the Critical Third Party Regime, part of the Financial Services and Markets Act 2023 (which works similarly to DORA), and there are the FCA and PRA Outsourcing/Third-Party Risk Management guidelines.

Financial sanctions

Then again, a failure to comply with GDPR – the UK or the EU equivalent – could also attract serious fines. UK GDPR falls under the Data Protection Act 2018, and it empowers the Information Commissioner’s Office (ICO) to issue substantial fines for failures to protect customer financial data. Although not a bank, Capita PLC’s 2023 data breach illustrates the importance of stringent cyber and data security. This led the company to be fined £14m on 15th October 2025. The cyber-attack it suffered compromised the personal data of over 6.6 million individuals, and the breach impacted many pension funds and financial clients.

Trossell therefore advises: “Regulatory compliance is becoming more and more demanding, as well as complex. The most important thing to do to achieve it, and to maintain service continuity, is to protect the organisation’s data. This is the best insurance policy for avoiding financial sanctions, reputational damage, and loss of customer and partner relationships.”

It might seem cheaper to avoid investing in technologies that can help to protect data, and which can, in turn, enable regulatory compliance, but the cost of non-compliance is often far greater. It’s therefore always vital to invest in technologies and processes that can act like an eggshell – protecting the yolk, the data and the entire organisation from data breaches and from regulatory authorities’ financial sanctions.

Take backing up data – in some cases it needs to be done in real time, and in others it has to be done frequently enough so that if a data breach is successful, the organisation can remain resilient and continue to operate without fail.

“One way of doing this is to use WAN Acceleration, which can be used in conjunction with SD-WANs as an overlay, to obfuscate cyber-criminals by using artificial intelligence, machine learning and data parallelisation to expedite the transmission of encrypted data to cloud storage in at least 3 disparate locations,” says Trossell. Unlike WAN Optimisation, WAN Acceleration can send and receive encrypted data, while also mitigating the effects of latency and packet loss.

On edge, but don’t be!

Talking about edge computing and the risks of proximity, Trossell recently told Cloudfest: “Hosting within the same data centre, or shadow centre, is still an issue. Sometimes failover zones are created by splitting the data centre in half, but it’s only fine if you don’t lose power to both sides. If you really want to have a secure disaster recovery system, you need a 3-2-1-1-0 approach.”

However, Denis Stanarevic, Solution Portfolio Lead for Data Services Platforms at Hewlett Packard Enterprise (HPE), also advised readers of the same article to adopt a posture of caution: “Proximity simplifies network design and accelerates backup and recovery. However, this approach exposes the environment to the risk of correlated failures: floods, earthquakes, power outages or coordinated cyber-attacks. They can simultaneously impact both production and disaster recovery environments.”

Define what’s of value

It’s therefore vital to analyse what equates to the chicken and the egg. They appear in different guises, but, for resilience, one of the loudest messages is that stringent data security exists to prevent, rather than react to, data breaches. The second is the ability to securely send and receive data across a WAN, which, in an eggshell, is crucial to ensuring and achieving regulatory compliance and service continuity.

For example, Trossell reveals that, in 2019, Investec Private Bank deployed WAN Acceleration with Bridgeworks PORTrockIT to resolve critical data replication issues between its South African HQ and its UK servers. Together, they achieved a 424% increase in traffic throughput. More to the point, the bank met all GDPR compliance requirements, as its databases were able to be in synchronicity. WAN Acceleration also permitted it to gain “proper, decent performance for trading,” said Mark Backes, who’s currently the Global Network & Communications Co-Lead at the bank, to Computer Weekly. It goes to show that resolving and investing in overcoming the chicken and the egg paradox can make a chick – delivering significant results.

Happy Easter from Bridgeworks!