What is Cyber Resilience?
Cyber resilience goes beyond cybersecurity to ensure organizations can maintain operations through cyber incidents. Learn how it differs from cybersecurity and how to build genuine resilience.
The Four Dimensions of Cyber Resilience
Anticipate
Understanding the threat landscape, organizational risk profile, and the specific scenarios most likely to affect operations. Threat modeling, risk assessment, and threat intelligence all contribute to anticipation capability.
Withstand
Security controls and architecture that limit the impact of an attack in progress. Network segmentation limits lateral movement. Privileged access management limits what compromised credentials can access. Backup systems isolated from primary infrastructure survive ransomware that destroys primary data.
Recover
Tested processes for restoring operations to normal after an incident: backup restoration procedures validated through actual restoration testing, incident response playbooks that define recovery priorities and procedures, and Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) that are defined and validated against tested capabilities rather than assumed.
Adapt
Post-incident learning that improves future prevention, detection, and response based on what the incident revealed. Organizations that emerge from cyber incidents with meaningfully improved security postures are practicing cyber resilience in its fullest sense.
Business Continuity and Cyber Resilience
Business continuity planning extends cyber resilience to operational procedures during system unavailability. Manual processes for critical operations that can operate without affected systems, defined escalation procedures during system outages, and pre-established vendor relationships for emergency resources all reduce the operational impact of cyber incidents beyond what technical recovery capabilities alone provide.
Resilience Assessment for PE Portfolio Companies
Cyber resilience assessment should evaluate:
Are backups tested through actual restoration exercises, and what is the documented RTO/RPO?
Is backup infrastructure isolated from primary systems so ransomware cannot reach it?
Does the IR plan include business continuity procedures for extended system unavailability?
Have recovery procedures been validated through tabletop exercises?
Does the organization have pre-established relationships with IR firms, legal counsel, and communications advisors who can deploy rapidly in a crisis?
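The "Recover" dimension above and the first assessment question both turn on the same evidence: restore tests that have actually been run, compared against the documented RTO and RPO. The following is an added Python example, not code from the original article, showing how an assessor could evaluate that evidence mechanically. The record layout (system name, backup timestamp, restore start and finish, verification flag), the 90-day test-freshness threshold, and the systems, timestamps and objectives in the sample data are all constructed assumptions for illustration.

```python
"""Validate backup restore-test evidence against documented RTO/RPO objectives.

Added example, not part of the original article. Assumes restore-test results are
available as records with the fields below; field names, thresholds and the sample
data are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class RestoreTest:
    system: str
    backup_taken: datetime      # timestamp of the backup image that was restored
    restore_started: datetime   # when the restoration exercise began
    restore_finished: datetime  # when the system was confirmed operational
    verified: bool              # application-level checks passed after the restore


@dataclass
class Objective:
    system: str
    rto: timedelta  # maximum tolerable downtime (documented Recovery Time Objective)
    rpo: timedelta  # maximum tolerable data-loss window (documented Recovery Point Objective)
    max_test_age: timedelta = timedelta(days=90)  # assumed: how recent a restore test must be


def measured_rto(test: RestoreTest) -> timedelta:
    """Downtime actually observed in the exercise: start of restore to confirmed operational."""
    return test.restore_finished - test.restore_started


def measured_rpo(test: RestoreTest) -> timedelta:
    """Data-loss window actually observed: age of the restored backup when recovery began."""
    return test.restore_started - test.backup_taken


def assess(objective: Objective, tests: List[RestoreTest], now: datetime) -> List[str]:
    """Return findings for one system; an empty list means the objective is validated."""
    findings: List[str] = []
    relevant = [t for t in tests if t.system == objective.system]
    if not relevant:
        # No exercise on record: the documented RTO/RPO are claims, not tested capability.
        return ["no restoration test on record; RTO/RPO are unvalidated claims"]
    latest = max(relevant, key=lambda t: t.restore_finished)
    age = now - latest.restore_finished
    if age > objective.max_test_age:
        findings.append(f"last restore test is stale ({age.days} days old)")
    if not latest.verified:
        findings.append("restore completed but application verification failed")
    rto = measured_rto(latest)
    if rto > objective.rto:
        findings.append(f"measured RTO {rto} exceeds objective {objective.rto}")
    rpo = measured_rpo(latest)
    if rpo > objective.rpo:
        findings.append(f"measured RPO {rpo} exceeds objective {objective.rpo}")
    return findings


# Constructed sample data: three systems, two of which have a restore test on record.
NOW = datetime(2024, 6, 1, 9, 0)
OBJECTIVES = [
    Objective("erp", rto=timedelta(hours=4), rpo=timedelta(hours=1)),
    Objective("file-share", rto=timedelta(hours=8), rpo=timedelta(hours=24)),
    Objective("payroll", rto=timedelta(hours=2), rpo=timedelta(hours=1)),
]
TESTS = [
    # ERP: recent and verified, but the restore took 6.5 hours against a 4-hour RTO.
    RestoreTest("erp", datetime(2024, 5, 20, 1, 0), datetime(2024, 5, 20, 2, 0),
                datetime(2024, 5, 20, 8, 30), True),
    # File share: within RTO and RPO, but the last exercise is months old.
    RestoreTest("file-share", datetime(2024, 1, 10, 0, 0), datetime(2024, 1, 10, 9, 0),
                datetime(2024, 1, 10, 12, 0), True),
    # Payroll: documented objectives, no restore test ever run.
]


def run_assessment(objectives=OBJECTIVES, tests=TESTS, now=NOW) -> Dict[str, List[str]]:
    """Map each system to its list of findings."""
    return {o.system: assess(o, tests, now) for o in objectives}


if __name__ == "__main__":
    for system, findings in run_assessment().items():
        status = "VALIDATED" if not findings else "GAP"
        print(f"{system}: {status}")
        for f in findings:
            print(f"  - {f}")
```

The point of measuring RPO from the restored image's age rather than from the backup schedule is that a schedule only states intent; the exercise shows what would actually have been lost. A system with objectives but no test on record is reported as a gap rather than silently passing, which is the failure mode the assessment question is designed to surface.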
Real-World Example: Garmin Ransomware 2020 — The Cost of Poor Resilience
The WastedLocker ransomware attack against Garmin in July 2020 caused a five-day outage of Garmin Connect, flyGarmin, and other services. Garmin reportedly paid a $10 million ransom to obtain decryption keys. The extended outage demonstrated the operational consequence of inadequate cyber resilience: an organization whose recovery capability depended on obtaining decryption keys from attackers had no independent recovery path. Organizations with mature backup and recovery capabilities do not need to pay ransoms to restore operations.
The average business interruption duration for organizations that experience a major ransomware event without mature resilience capabilities — compared to 3-5 days for organizations with tested backup, recovery, and continuity plans.