
Cyber resilience IS the strategy: Why business and security must align now
The following article summarizes a recent SC webcast discussion between host Adrian Sanabria and Theresa Lanowitz, Chief Cybersecurity Evangelist at LevelBlue, a strategic alliance between AT&T and WillJam Ventures. They discussed how security leaders can translate technical risks into business impacts, gain executive and board buy-in, and foster a culture of shared responsibility for cyber resilience.
Cyber resilience has become more critical than ever. According to LevelBlue’s 2025 Futures Report, organizations face a complex array of traditional and emerging cyber threats.
Ransomware remains the top concern, followed closely by phishing and business email compromise. However, new attack vectors are rapidly emerging, including QR code scanning scams, software supply chain attacks, and AI-powered threats.
Notably, only 29% of organizations feel prepared for AI-driven attacks, despite the technology’s potential to enable adversaries to attack at scale and with unprecedented speed.
Cybercriminals are increasingly sophisticated, treating their malicious activities like a business and strategically timing attacks to maximize impact.
For instance, early 2025 saw smishing attacks targeting travelers during the holiday season, exploiting people’s unfamiliarity with their surroundings and creating a sense of urgency.
Challenges in organizational preparedness
The research reveals significant gaps in organizational readiness. Only 37% of companies have a codified incident response plan, meaning 63% would be scrambling to determine critical steps during an actual breach.
Similarly, just 34% conduct cybersecurity due diligence during mergers and acquisitions, leaving potential vulnerabilities unaddressed. Cyber resilience isn’t just about technology—it’s about creating a holistic organizational culture. Cyber-resilient organizations share key characteristics: complete alignment with business objectives, leadership-wide cybersecurity responsibilities with specific KPIs, and proactive threat monitoring.
Importantly, 100% of cyber-resilient organizations maintain close collaboration between security teams and business units.
Building a resilient cybersecurity strategy
To enhance cyber resilience, organizations should focus on four critical steps: cultivating a cyber resilience culture, elevating cybersecurity discussions, aligning security with business goals, and preparing for emerging threats.
This approach requires continuous learning and adaptation. Experts emphasize that no organization is too small to be targeted. Cyber attacks can devastate businesses of all sizes, making comprehensive preparedness essential. Employee training plays a crucial role, with third-party training programs helping staff recognize and respond to evolving threats.
The key takeaway is clear: cyber resilience is a dynamic, organization-wide commitment to understanding, preventing, and rapidly responding to potential security challenges.