Cyber resilience is the strategy: Why business and security must align now

Why business alignment matters
Achieving cyber resilience is a top-down process that must be led by an organization’s senior management. But before that process can begin, the top brass must understand that cyber resilience is much more than cybersecurity. In fact, cyber resilience should be part of the company leadership’s core mission.

“The purview of the C-suite is to deliver better business outcomes, to make sure that their organization is safe and protected,” says Lanowitz. “Cyber resilience is definitely a C-suite initiative.”

For company leadership to take the reins of cyber resilience, the IT team, and especially the cybersecurity team, need to make sure that they in turn understand and are working toward the company’s overall goals. Only then can the IT leadership and C-suite executives truly be on the same page.

“The leadership roles have cybersecurity responsibility, with KPIs and metrics, meaning the C-suite really has to take on cybersecurity,” says Lanowitz. “From their perspective, it’s no longer just the CISO, the CIO, and the CTO working separately.”

To put it another way, for cyber resilience to be achieved, cybersecurity must be applied to regular business practices and vice versa. This means making sure that all business decisions take cybersecurity into account, and all cybersecurity decisions take business goals into account.

“Aligning cybersecurity and the line of business is critical, so that the cybersecurity team understands the critical few objectives of the business and you can align what you’re doing on cybersecurity in a more strategic way versus a tactical way,” explains Lanowitz.
Encouraging, and not-so-encouraging, signs
The new Futures Report revealed some surprising changes from the previous year’s survey, which polled a smaller but broadly similar group of C-suite and senior executives.

The biggest change was a marked reduction in the proportion of respondents who said their leadership teams did not understand cyber resilience, from 73% in 2024 to 55% in 2025. It’s still not great that more than half of company leaders don’t get the concept, but it’s a significant improvement.

Likewise, the 2025 survey found that only 55% of organizations would not fund cyber resilience separately from cybersecurity. That’s a big drop from the 72% share in the 2024 report.

And 45% of the respondents said that cyber resilience was now seen as a whole-company priority, and not just a cybersecurity problem — a nice rise from 27% the previous year.

“We had some big events happen in 2024 that pushed cybersecurity specifically to be more of a board-level type of topic,” Lanowitz tells us. “It also made people realize that cybersecurity is not just a bunch of smart people sitting in a room, reading alarms and looking at alerts.”

Specifically, Lanowitz says, a major healthcare breach in February 2024, followed by a mass outage in July caused by a bad cybersecurity software update, forced organizational leaders to grasp the importance of cyber resilience. In the 2025 survey, 68% of respondents admitted that media reports of massive breaches made executives more aware of the issue.

“One hundred and ninety million Americans were impacted” by the healthcare breach, she says, “whether they were patients, providers, a pharmacy, a physical therapy office. We saw so many healthcare businesses related to that go out of business.”

As for the update failure, which grounded airlines and disrupted banks and communications worldwide, “that was a picture-perfect example of why cyber resilience is so important,” Lanowitz says.

“While initially people were saying, ‘Oh, you know, we think it’s a cyber attack,’ it wasn’t,” she points out. “It was just a software update and it had to do with the software, supply chain and regression testing and everything else along with it.”

Yet there were also discouraging results in LevelBlue’s 2025 survey. Only 34% of respondents, for example, said that their organizations conducted effective cybersecurity due diligence during a merger or acquisition process, leaving the rest wide open to supply-chain or infrastructure vulnerabilities.

Likewise, only 37% said their companies had incident-response plans, a core feature of cyber resilience. That was a tick up from the 35% in the previous year’s survey, but it’s nothing to celebrate.

“That means that, what, 63% do not have a formalized incident-response plan,” comments Lanowitz. “That’s pretty outrageous in 2025.”
The five traits of cyber resilient organizations
Of 1,500 organizations surveyed by the 2025 Futures Report, LevelBlue could classify only about 7% as being truly cyber resilient. Yet those in that select group tended to share certain characteristics.

First, all these organizations — a full 100% — had indeed aligned their cybersecurity and business goals, compared to 66% among all 1,500 respondents. Among the cyber resilient group, 73% had given cybersecurity responsibility to all leadership roles, while only 60% of the general group had.

Sixty-one percent of cyber resilient companies said they allocated a cybersecurity budget to every new project at its inception, as opposed to only 46% of the entire respondent pool. Fifty-seven percent said they aligned business risk appetite with cybersecurity risk management, compared with 43% in the total pool.

“It’s about building a proactive culture, to align and collaborate to break down those silos,” Lanowitz says.

The cyber resilient companies also felt more confident taking innovation risks than the overall survey group, 79% to 61%, because they had taken an adaptive approach to cybersecurity.

“They want to implement new technologies, processes and procedures,” says Lanowitz. “The cyber resilient organizations are far better prepared for what’s coming next.”

A second common factor was that the cyber resilient organizations were far more confident they could defend themselves against AI-powered cyberattacks. That was reflected in the third common factor: None of the organizations deemed to be cyber resilient had suffered a breach in the 12 months before the survey.

The reason for that might be the fourth factor: Cyber resilient companies were more likely than the rest to employ AI for their own defenses.

“They’re not afraid of embracing AI on the cybersecurity front, so they’re able to defend against those AI-powered attacks,” says Lanowitz.

Finally, the cyber resilient organizations were much better prepared to meet new threats head-on. Ninety-four percent were investing in software-supply-chain security, and 91% in advanced threat detection, compared to 62% and 63%, respectively, of the general group.

For Lanowitz, the overall attitude of cyber resilient organizations can be summed up in just a few short phrases.

“They are more prepared,” she says. “They’re more aligned. They understand.”