Cyber Resilience Best Practices: Connecting The Dots Beyond Cybersecurity

• Maersk has faced a cost of an estimated sum of $300 million after the NotPetya malware shut down their operations
• Yahoo got $350 million less from Verizon after it suffered two cyberattacks which decreased its valuation

Lately, cyber resilience has become quite the buzzword in the industry. And the reasons are pretty obvious. You might be working on cybersecurity for decades and be already prepared for data breaches and cyberattacks in a more text-book context. But what if disaster hits you? In that case, would your business still be able to function properly? That’s probably why achieving cyber resilience is very important for your organization.

Recent reports reaffirm that data breaches, cyberattacks, and fraud remain among the most significant risks for businesses globally. According to the WEF Global Cybersecurity Outlook 2025, 72% of organizations say cybersecurity risks are increasing, with ransomware and cyber-enabled fraud ranking among their top concerns.

For instance, a 2025 cyber-attack on M&S disrupted its online operations and supply chain. The company estimated the cost of the attack at about £300 million (~US$400 million).

Another example is Clorox. After a cyberattack in August 2023, the company reported about US$49 million in losses, primarily from system disruptions, recovery efforts, and order processing delays.
 

Achieving Cyber Resilience

Cyber resilience is not a one-time thing, it’s a continuous iterative process that provides constant scrutiny across the organization to help in recovering from an attack. This process is different to traditional defenses which lose their usefulness, once bypassed. To achieve cyber resilience, it’s important to achieve the right balance between people, processes, and technology. The common mistake made is to become over-dependent on technology and tools while ignoring the importance of well-informed and skilled people and well-designed processes for cyber resilience. You should try to fit together all three components of cyber resilience in a complementary way, without gaps.
 

Governance and Processes:

The right governance and strong processes in place play an important role in achieving cyber resilience.

You can follow some of the best practices as below:

Regulatory Reporting and Assurances: Regulatory compliance might seem to be ineffective as it mainly consists of checkboxes and forms, but it’s a good practice. You should validate that proper controls are in place and operating effectively on data.

Responsive Governance: You need a responsive, agile adjustment of policies, processes, and technologies in place rather than depending on a fixed review period.

Alignment with the Organization’s Overall Governance Framework: You need to ensure that the organization’s overall governance plan, i.e. documented strategies, principles, policies, rules and procedures are in line with the overall Governance, Risk, and Compliance (GRC) framework.
 

Governance Best Practices for Cyber Resilience 

Strong governance is the backbone of cyber resilience. It ensures that organizations not only respond effectively to cyber incidents but also build proactive defense mechanisms. Governance establishes clear roles, accountability, and oversight—factors that are critical in protecting digital assets and maintaining trust. Below are key governance best practices:

1. Define Clear Ownership and Accountability

• Assign specific cyber resilience responsibilities to executive leadership, IT, and risk management teams.
• Establish a board-level committee to regularly review cyber risks, resilience strategies, and performance metrics.

2. Align Cyber Resilience with Business Objectives

• Cyber resilience should not be viewed only as an IT function. Instead, it must be integrated into broader business strategies, ensuring that security measures support growth, regulatory compliance, and customer trust.

3. Adopt a Risk-Based Approach

• Focus resources on protecting the most critical assets—such as customer data, financial systems, or operational technology.
• Implement frameworks like NIST Cybersecurity Framework or ISO/IEC 27001 to prioritize risks based on likelihood and potential impact.

4. Implement Policies and Standards

• Establish strong cybersecurity policies covering data handling, third-party vendor security, and access management.
• Regularly update policies to reflect new threats and regulatory changes.

5. Continuous Training and Awareness

• Human error remains one of the biggest vulnerabilities. Conduct frequent training, phishing simulations, and scenario-based workshops for all employees.
• Encourage a culture of shared responsibility where cyber resilience is part of everyday operations.

6. Regular Audits and Independent Reviews

• Conduct internal and external audits to evaluate resilience measures.
• Use findings to improve processes and validate compliance with regulatory requirements.

By embedding cyber resilience governance into organizational culture and decision-making, companies can strengthen defenses, reduce downtime during incidents, and maintain stakeholder confidence.
 

What Is Cyber Resilience and Why It Matters

Cyber resilience is an organization’s ability to withstand, adapt to, and quickly recover from cyberattacks or IT disruptions while continuing to deliver critical business operations. Unlike traditional cybersecurity—which primarily focuses on preventing breaches—cyber resilience accepts that incidents are inevitable and emphasizes preparedness, response, and recovery.

The importance of cyber resilience has grown in recent years as cyberattacks become more frequent, sophisticated, and damaging. According to IBM’s Cost of a Data Breach Report 2025, the global average cost of a data breach reached $4.4 million. Beyond financial loss, breaches cause reputation damage, regulatory penalties, operational downtime, and erosion of customer trust.

Cyber resilience matters because:

1. Downtime is costly: For industries like finance, healthcare, and e-commerce, even a few hours of system outage can result in millions of dollars in losses.

2. Threats are evolving: Attackers leverage AI, ransomware-as-a-service, and supply chain vulnerabilities, making prevention alone insufficient.

3. Compliance requires resilience: Regulations such as GDPR, DORA (Digital Operational Resilience Act), and HIPAA increasingly demand proactive resilience planning.

4. Business continuity depends on it: Resilient systems ensure critical operations and customer services continue even in the face of disruptions.

In short, cyber resilience is about moving from “if an attack happens” to “when it happens”—and ensuring your organization is equipped to respond effectively.
 

Key Pillars of Cyber Resilience: People, Processes, and Technology

Building cyber resilience requires a holistic approach that blends human readiness, organizational processes, and modern technology. These three pillars reinforce one another and together form the foundation of a robust resilience strategy.

1. People: Awareness and Training

Employees are often the first line of defense—and sometimes the weakest link. Phishing, credential theft, and insider threats remain leading causes of breaches. A resilient organization invests in:

- Security awareness training: Regular sessions to educate employees about phishing, social engineering, and safe online practices.
- Incident response drills: Simulations (like tabletop exercises) to ensure staff know their roles during a cyber incident.
- Culture of accountability: Encouraging employees to report suspicious activity without fear of blame.

When people are well-informed and empowered, they become active participants in safeguarding the organization.

2. Processes: Governance and Preparedness

Resilience depends on clear, tested processes that enable organizations to anticipate, respond to, and recover from disruptions. Key processes include:

- Risk assessments: Identifying critical assets, vulnerabilities, and likely threats.
- Business continuity and disaster recovery planning (BCP/DRP): Ensuring operations can continue even during crises.
- Incident response frameworks: Defining escalation paths, communication protocols, and post-incident review mechanisms.
- Regulatory compliance: Embedding requirements like GDPR, PCI-DSS, or NIST into everyday workflows.
- Processes provide the structure needed to transform awareness into action.

3. Technology: Defense and Recovery Tools

Modern cyber resilience is powered by technology that not only prevents attacks but also enables rapid recovery. Examples include:

- Endpoint Detection and Response (EDR) & SIEM tools: To detect and respond to suspicious activity in real time.
- Zero Trust architecture: Minimizing attack surfaces by enforcing strict access controls.
- Data backup and recovery solutions: Ensuring business continuity by safeguarding critical data.
- Automation and AI-driven threat intelligence: Speeding up detection and incident response.
- Cloud resilience: Leveraging multi-region redundancy and failover to minimize downtime.

Technology acts as the backbone of resilience, but without trained people and structured processes, tools alone cannot guarantee protection.

Together, people, processes, and technology form a balanced resilience strategy. An organization that invests in all three pillars not only reduces the likelihood of cyberattacks but also ensures it can bounce back quickly, maintain trust, and protect long-term business value.
 

Documentation Process for Collaboration and Information Sharing

- You need to collaborate within the organization as well as externally with third-party organizations to gather intelligence and engage specialists to undertake security monitoring and assessments.

- You should have confidential information-sharing arrangements in place.
 

Centralized Asset Management and Configuration System

You should create an asset inventory for software, hardware, and data, both internal and external, which is managed through a centralized asset management system to achieve full visibility of the organization’s critical assets and security controls. This makes overall management easier.
 

Response Planning

You should be ready to face cyber breaches and should check your preparedness for the same in a timely manner using some of the strategies as below:

• Scenario based prediction: Given a scenario, you should be able to predict the types of incidents/attacks that might occur based on a specific risk profile. Then implement and exercise response processes accordingly.
• War gaming: You can adopt war gaming exercises in your organizations to better understand and plan your defense against malicious cyber activities. It’s more like a team fighting with hackers who are trying to attack your organization.
• Proactive reporting: You should have a holistic reporting mechanism in place to cope with a changing threat landscape and security controls that are in place.
   

Cyber Resilience Response Planning and Testing 

Even the strongest defenses cannot guarantee immunity from cyber incidents. This is why response planning and regular testing are crucial for effective cyber resilience. A well-tested plan ensures that organizations can recover quickly, minimize financial losses, and protect their reputation.

1. Develop a Comprehensive Incident Response Plan (IRP): 
- Define step-by-step procedures for identifying, containing, eradicating, and recovering from cyber incidents.
- Clearly assign roles and responsibilities to IT teams, communications teams, legal counsel, and executive leadership.

2. Integrate Response Planning with Business Continuity and Disaster Recovery: 
- Cyber resilience cannot exist in silos. Align incident response plans with broader Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies.
- This ensures seamless recovery of both IT and business processes after a disruption.

3. Scenario-Based Testing and Tabletop Exercises: 
- Conduct simulated cyberattacks (e.g., ransomware, insider threats, supply chain breaches) to evaluate preparedness.
- Tabletop exercises involving cross-functional teams help identify gaps and improve coordination during real-world crises.

4. Test Backup and Failover Systems: 
- Regularly test backups for integrity and accessibility. A backup plan that fails under pressure can prolong downtime and increase losses.
- Verify that failover systems can handle real workloads in case of an outage.

5. Evaluate Communication Strategies: 
- Communication during an incident is as important as technical recovery. Test internal communication channels to ensure employees know how to report issues.
- Develop pre-approved messaging templates for regulators, customers, and media to reduce panic and misinformation.

6. Continuous Improvement Through Post-Incident Reviews: 
- After every test or actual incident, conduct a lessons-learned exercise.
- Update response playbooks, training modules, and technical controls to address gaps identified.

Effective planning and rigorous testing make the difference between a company that collapses under a cyberattack and one that bounces back stronger. By ensuring that response plans are both comprehensive and regularly tested, organizations can dramatically improve resilience and reduce risk exposure.

Creating a Communication Plan

Have a documented communication plan in place to determine when and how to notify customers, other key stakeholders, and public relations teams.
 

Identifying and Detecting Security Incidents

- Continuous monitoring systems

Use technologies like Security Information and Event Management (SIEM) to detect and alert of anomalous behaviors.

- Data analytics

There are a lot of threat feeds like threats detected by internal teams, OSINT, collaboration and information-sharing channels etc. and it’s important for you to utilize this data and get actionable insights using analytics which give a real time view into risks and the threat landscape.

Preventing Security Incidents

You can deploy the following controls to prevent cyber security incidents:

- Application control: This will prevent execution of malicious/ unapproved programs.
- Patch applications: Patch all the applications on a timely basis.
- Configure Microsoft Office macro settings: Block the macros execution from the internet, and only allowing it from trusted sources.
- Application hardening: Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
- Restricting administrative privileges: Restrict the admin privileges of key applications and operating systems based on user duties and validate the need for privileges on a regular basis.
- Set up multi-factor authentication: For privileged users or users with access to sensitive/high availability information.
 

Recovering Data and System Availability

Instill a culture of taking daily backups: It’s important that you should take daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months.

People:

People are considered to be the weakest link of the cybersecurity chain, and are usually targeted by hackers. Make sure that everybody in the organization gets relevant cybersecurity trainings depending on their roles and are engaged on regular basis.

Board Engagement

Your cyber resilience program should start from the very top of the organization. Board members should engage in:

- Periodic review of different cyber resilience initiatives and their progress.
- Cyber resilience as a management tool: To continuously monitor the organization’s readiness to face a cybersecurity attack or data breach.
- Cyber resilience fluency: Train your board members in basic cybersecurity terms that are important to your business, and also those that they need to look out for. In this way, they can ask intelligent questions to auditors, and others related to cyber resilience.

Cyber Risk Focused Groups

Establish specialist functional groups within your organization to monitor and address risks in real time.

Continuous Development

Keep plans and strategies in place for continuous development of knowledge and awareness of your staff —so that they can provide an effective defense against malicious cyber activities like phishing attacks and other forms of social engineering.

Random Staff Testing and Effectiveness Check of Your Defenses

Conduct regular random testing activities to check the awareness of stakeholders as well as the security teams to stop those attacks. For example, you can send a test email containing malware to a staff member or group to test their response and based on their response they could go through further trainings to develop the awareness and skills required.

Red Team

Enlist experts who try to break into your systems to check the effectiveness of your defenses.

Tools and Technologies

Technology is the biggest enabler to fight against cyber criminals and is the most trusted and important pillar to achieve cyber resilience. The following technologies can help you in your continuous journey to achieve cyber resilience:
 

Using Automation and Orchestration Technologies as a Part of Response and Recovery Capabilities:

• Orchestration can augment analysis, giving your team quick access to information and the ability to respond faster.
• Automation can be utilized in the recovery of interconnected systems as manual recovery might introduce human error. It can also mitigate that risk and facilitate a faster recovery.
   

Air-Gapped Protection as a Fail-Safe Copy Against Propagated Malware:

Air-gapping is separating critical assets from other systems or networks physically or virtually. As in recent ransomware attacks, hackers used an automated piece of malware which can quickly traverse the network, creating havoc. As a best practice, you can create an air-gapped copy of critical assets (data and systems) to mitigate the risks of exposure and attacks.
 

Prevent Back Up Corruption and Deletion: Use Write Once, Read Many/Immutable Storage Technology:

Ransomware attacks like WannaCry, NotPetya have established the need for stronger protection against the corruption or deletion of data. You can use WORM/immutable storage technologies to maintain the integrity of data which in turn maintains business resiliency against the cyber-attacks.
 

Identifying the Recoverable Data using Efficient Point-in-Time Copies and Data Verification:

In complex attacks, hackers might be living in your network for years, meaning that there is a good chance that backup might be infected. You can use highly efficient point-in-time technology to maintain multiple copies of data and continuous data verification can help you proactively identify potential infections and take corrective actions.
 

Using Advance Technologies like Deception to Hack the Hackers:

You can use advanced technologies like deception technologies to deceive attackers by distributing a collection of traps and decoys across a system's infrastructure to imitate genuine assets.
 

Cyber Resilience Case Studies

Cyber Resilience Checklist for Organisations

Here’s a list of practices organisations should implement to bolster cyber resilience:

1. Regular Risk & Threat Assessments
-  Identify evolving threats, such as phishing, cloud misconfigurations, insider threats.
-  Quantify impact and likelihood.

2. Robust Backup and Recovery Plans:
-  Maintain offsite / immutable backups.
-  Test failover procedures frequently.

3. Layered Security Controls
-  Network security (firewalls, segmentation).
-  Endpoint security, encryption, authentication (MFA).

4. Incident Response & Crisis Communication Plan
-  Define roles, responsibilities.
-  Rapid detection, containment, recovery.
-  Transparent communication with stakeholders.

5. Continuous Monitoring and Detection
-  Use tools for real-time log monitoring, anomaly detection.
-  Track threats across cloud, on-prem, hybrid environments.

6. Employee Awareness & Training
-  Regular security hygiene training (phishing, credential safety).
-  Simulations, drills.

7. Redundancy & Alternative Systems
-  Alternate infrastructure / network paths.
-  Manual (non-IT) process backups.

8. Regulatory & Compliance Alignment
-  Ensure legal, data privacy, financial regulation requirements are met.
-  Go beyond compliance to build resilience.

9. Post-Incident Review & Continuous Improvement
-  Conduct root cause analysis.
-  Update controls and plans based on lessons learned.

10. Metrics and KPIs
-  Time to detect, time to contain breaches.
-  Financial & operational loss metrics.
-  Uptake of security measures (e.g. % with MFA, % with patching current).
 

Conclusion:

Cyber resilience is no longer optional—it’s essential. The case studies show that even large organisations with significant resources can suffer immensely when systems fail, breaches occur, or contingency plans are inadequate. To build resilience, organisations need a proactive and holistic approach: anticipating risk, preparing backup systems, aligning compliance, and continuously improving based on real-world feedback.

Investing in cyber resilience not only reduces the damage when incidents occur but also strengthens stakeholder trust, protects brand value, and keeps operations robust under pressure. By following a thorough checklist—assessing threats, building redundancy, enforcing strong controls, educating people, and learning from incidents—businesses can better withstand disruptions and bounce back stronger.

Key takeaways:

• Cyber resilience is a continuous improvement process where you learn from past breaches, mistakes and fill in the gaps. Also, you should be proactive with well-trained people, processes, and technologies to face APTs (advanced persistent threats).
• Try to achieve a balance between people, processes, and technologies.
• Using technology as an enabler, focus on achieving a balanced technology portfolio i.e. in terms of technologies you are investing in – more investment should be directed towards response and recover capabilities
  
  Read Related Article