From cyber security to cyber resilience: Why organizations need to practice for the worst

Cybersecurity has evolved into cyber resilience and is an organization-wide strategy. Image: Getty Images/iStockphoto
- Organizations’ cybersecurity must evolve with the threat landscape, where incidents escalate faster than teams can analyze them. The challenge is less about technology than about organizational decision-making under pressure.
- Cyber resilience focuses on the ability to continue operating when systems are disrupted, data integrity is uncertain and external pressure is mounting.
- One of the most effective ways to build and measure that capability is through tabletop exercises designed for extreme scenarios, where IT recovery is delayed and the entire organization must step in to respond.
For years, cybersecurity has been framed primarily as a technology problem. Firewalls, endpoint protection, detection tools and incident response playbooks have dominated the conversation. Organizations invested heavily in preventing attacks and improving their ability to detect and respond.
The importance of prevention cannot be overstated, and it should be considered the foundation of cybersecurity – it reduces risk, disruption and cost, limits the blast radius and supports business continuity. In an environment where threats are constant and adversaries move fast, strong preventive controls remain the most effective way to reduce harm.
The reality is that it's no longer a question of whether an attack will occur, but when; and any technical defence, even a strong one, can be tested by uncertainty, complexity and time pressure. Such uncertainty has been exacerbated by the rapid adoption of artificial intelligence, which has aided adversaries as much as it has accelerated defence capabilities.
The organizations that emerge stronger are those that can operate effectively under failure, even when prevention has been challenged. When technology cannot immediately restore certainty, it is the organization’s decision-making discipline and operational coordination that ultimately determine the outcome.
This is where cybersecurity evolves into cyber resilience.
Cyber resilience is more than cyber security
Cybersecurity focuses on protection and response: stopping attacks, reducing dwell time and restoring systems. Cyber resilience asks a broader question: how does the organization continue to operate and make decisions when technology is disrupted, degraded or untrusted?
In that sense, cyber resilience mirrors other business continuity planning disciplines. For example, organizations routinely prepare for natural disasters, supply chain disruptions and operational outages, assuming that systems, people or processes may become unavailable and the business must still function.
Similarly, a severe cyber incident can delay or constrain IT recovery. Systems may stay down longer than expected, data integrity may become uncertain, and external pressure from customers, regulators and the media can mount. The challenge is then no longer purely technical but also organizational.
The organizational nature of a cyber crisis
True cyber resilience requires the entire organization to act in concert.
Legal teams must assess regulatory exposure and contractual obligations. Finance must evaluate operational impact and liabilities. Communications teams must manage messaging to employees, customers, partners and the public. Executives must make time-critical decisions with incomplete, sometimes conflicting information.
If these functions are not aligned, even a technically well-managed incident can escalate into a business crisis: delayed decisions, inconsistent messaging, unmanaged expectations and avoidable reputational damage.
Yet many organizations still “test” cyber readiness almost exclusively within IT. Incident response exercises focus on malware analysis, containment timelines and system restoration. While necessary, this doesn’t test whether the organization can operate under sustained disruption or whether leadership can make confident decisions when the facts are unclear.
Cyber resilience demands a different approach: practice how the organization behaves when prevention reduces risk but cannot eliminate it and when technology cannot instantly resolve uncertainty.
Why measuring cyber resilience is hard
One reason cyber resilience is often discussed but rarely measured is that you can’t measure it with just dashboards.
An agent can’t be deployed to tell you how quickly executives align under pressure, whether legal and communications can synchronize messaging in a fast-moving situation or how effectively teams share information across silos.
Cyber resilience is about decision-making, co-ordination and adaptability. To assess it, organizations need a structured methodology – a way to exercise, observe and measure how people and processes perform under extreme conditions. This is where tabletop exercises become invaluable.
Tabletop exercises: Practicing for the breaking point
Tabletop exercises are often treated as compliance requirements or basic incident response training. However, when well-designed, they are among the most practical ways to build and measure resilience.
Unlike technical simulations, tabletops focus on people and decisions, placing participants into realistic scenarios and forcing them to navigate uncertainty, trade-offs and competing priorities.
To do this effectively, the scenario should go beyond a “normal” cyber incident, with the goal of testing the organization’s ability to operate when recovery is delayed, data trust is questionable, and external pressure is rising.
A strong resilience exercise escalates gradually:
- Early indicators suggest an attack affecting critical systems.
- Recovery timelines slip and dependencies complicate restoration.
- Data integrity concerns emerge, raising the question of whether you can trust what’s in your systems.
- Customers and partners ask questions; regulators and deadlines loom.
- The organization must make decisions before certainty is restored.
At a certain point, it becomes clear that technology alone will not resolve the situation quickly.
This is where the exercise becomes revealing.
Legal assesses notification obligations and risk exposure without complete facts. Finance evaluates business impact while systems remain unavailable. Internal communications manages employee uncertainty and rumour control. External communications balances transparency with legal and reputational risk. Executives make high-stakes calls under time pressure.
The value isn’t in finding the “perfect” answer; it’s about whether the organization can work together quickly, coherently and decisively.
What a resilience exercise can actually measure
A well-designed cyber resilience tabletop exercise surfaces insights that purely technical tests won’t. It also creates measurable indicators you can track over time, such as:
- Time to executive engagement: How quickly leadership joins and stays engaged.
- Decision clarity: Whether ownership is clear or decisions stall in ambiguity.
- Information flow: Whether key facts move across teams or remain siloed.
- Operational continuity: Ability to run critical services in degraded mode.
- Crisis communications readiness: Internal and external messages aligned and timely.
- Recovery time objective and recovery point objective under stress: Whether recovery assumptions match reality.
- Conflict and delay points: Where friction emerges between functions.
These indicators allow organizations to move beyond “we think we’re ready” and toward concrete improvement plans.
Prevention first, resilience always
Prevention remains the core of any cybersecurity strategy to reduce the likelihood and impact of incidents, buy time and limit disruption. However, resilience ensures that when prevention is tested by speed, uncertainty and complexity, the organization can still function.
Cyber resilience is not a one-time project. Like any business continuity planning discipline, it requires continuous practice, refinement and leadership engagement. Tabletop exercises should be repeated, adapted and expanded as the organization evolves.
The most resilient organizations are not those with perfect defences but those that have practiced failure and learned from it. If your cyber exercises stop when IT restores systems, you are testing security, not resilience. Build prevention as the foundation, then practice the moment it is not enough.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Spencer Feingold
February 11, 2026