Cyber attacks are becoming more frequent and more complex. It’s no longer a question of whether your business will fall victim to an attack, but rather when. As a result, cyber resilience is becoming a strategic priority. But what does it really mean to be cyber-resilient, and how can businesses effectively test and strengthen their preparedness against cyber threats? This article explores some thoughts from the AI Action Summit report.
1. Understanding cyber resilience
Cyber resilience is a company’s ability to withstand cyber attacks. It involves protecting oneself and reacting quickly, but also anticipating and adapting to changes in digital threats. This approach goes beyond simple prevention, incorporating robust response and crisis management capabilities. The central question is no longer simply how to prevent a cyber attack, but how to manage its occurrence effectively to minimise the damage.
2. The foundations of a cyber-resilient organisation
To build solid cyber resilience, several pillars must be put in place in a coordinated and integrated way:
Security culture
Technology alone is not enough to protect an organisation: human error remains one of the main vulnerabilities. It is therefore vital to instil a culture of security within the company, through ongoing awareness-raising and appropriate training for employees. Top management also needs to be involved, understand what is at stake and recognise the risks associated with cyber security.
Third-party risk management
In an interconnected economy, companies depend heavily on their partners and suppliers. Managing the risks associated with third parties, including their security posture and processes, is therefore essential. This requires strict control, monitoring and compliance processes, and it also means meeting regulatory requirements such as the European Union's Digital Operational Resilience Act (DORA).
The Digital Operational Resilience Act (DORA) is a European regulation (Regulation (EU) 2022/2554, applicable since 17 January 2025) aimed at ensuring the digital operational resilience of financial entities and their critical ICT third-party providers. It imposes strict rules for managing ICT risk, including incident reporting, regular resilience testing and third-party risk management. The aim is to ensure the continuity of essential financial services, even in the event of a cyber incident.
Incident management
Given the frequency and sophistication of cyber attacks, businesses need to be prepared to respond quickly and effectively. A clear framework for responding to cyber incidents is essential. It must include procedures for rapidly detecting attacks, limiting losses and restoring normal activity. The aim is to minimise the operational and economic consequences of a cyber attack.
Business continuity and crisis management
These disciplines ensure that a company’s essential operations can continue or resume rapidly in the event of a major incident. A comprehensive risk analysis and management process must be in place. This includes clear recovery strategies and regularly tested contingency plans.
3. Testing cyber resilience: a strategic necessity
To verify that these measures actually work, companies need to run regular resilience testing programmes. Several methodologies can be adopted, each with its own focus and advantages.
Cyber crisis simulations
This type of test, often run as a tabletop exercise, assesses the responsiveness and decision-making of teams faced with a realistic attack scenario. Led by a facilitator, these exercises also help to identify weaknesses in processes and raise security awareness among the participants.
Red teaming and purple teaming
Red teaming simulates a complex, objective-driven attack carried out by 'ethical hackers', usually without forewarning the defenders, so that the detection and response capabilities of the security team (blue team) are tested as they really are. Purple teaming, by contrast, is an open, collaborative exercise in which the offensive (red) and defensive (blue) teams work side by side, replaying techniques and tuning detections, to continuously improve skills and defence strategies.
Adversary emulation and threat-informed exercises
These exercises use scenarios directly inspired by the real tactics, techniques and procedures (TTPs) of cyber attackers, often as documented in frameworks such as MITRE ATT&CK. This makes it possible to test defensive capabilities realistically and to improve the responsiveness of operational teams in a controlled environment, in particular through virtual lab environments or gamification platforms. Because each step of the scenario maps to a documented technique, the outcome can be expressed per technique: what was detected and how quickly, what was logged but never alerted on, and what produced no telemetry at all.
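The following script is an added example, not code from the original article or from the AI Action Summit report, showing how the purple-teaming and adversary-emulation exercises described above are scored in practice. It replays a constructed emulation plan (keyed by real MITRE ATT&CK technique IDs) against constructed sample log lines, applies toy detection rules standing in for a blue team's SIEM/EDR rules, and produces a per-technique scorecard with time-to-detect. The log source names (sysmon, mailgw, winevent), the log lines, the rules and the 15-minute attribution window are all assumptions for illustration.

```python
"""Purple-team scorecard (added example): replay constructed telemetry for an
adversary-emulation plan keyed by MITRE ATT&CK technique IDs through simple
detection rules, and report per-technique detection and time-to-detect."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional


@dataclass(frozen=True)
class Technique:
    """One step of the emulation plan; technique_id is the real ATT&CK ID."""
    technique_id: str
    name: str
    executed_at: datetime  # when the red team ran the step


@dataclass(frozen=True)
class Event:
    """One telemetry record as the blue team would see it (constructed here)."""
    ts: datetime
    source: str   # hypothetical log source names: sysmon, mailgw, winevent
    message: str


@dataclass(frozen=True)
class Outcome:
    detected: bool
    time_to_detect: Optional[timedelta]  # None when nothing fired in the window
    reason: str  # "detected" / "no detection rule" / "no telemetry matched"


def _sysmon(ev: Event, *needles: str) -> bool:
    return ev.source == "sysmon" and all(n in ev.message for n in needles)


# Detection rules: ATT&CK technique ID -> predicate over an event. Plain string
# matches stand in for the SIEM/EDR rules a real blue team would maintain.
RULES: dict[str, Callable[[Event], bool]] = {
    "T1566.001": lambda ev: ev.source == "mailgw" and ".docm" in ev.message,
    "T1059.001": lambda ev: _sysmon(ev, "Image=powershell.exe", "-enc"),
    "T1003.001": lambda ev: _sysmon(ev, "TargetImage=lsass.exe", "GrantedAccess=0x1010"),
    "T1053.005": lambda ev: _sysmon(ev, "Image=schtasks.exe", "/create"),
    # Deliberately no rule for T1021.001 (RDP): the gap the exercise should expose.
}

T0 = datetime(2025, 3, 4, 9, 0)  # constructed exercise start

# The emulation plan the red team executes, in order (constructed).
PLAN = [
    Technique("T1566.001", "Phishing: Spearphishing Attachment", T0),
    Technique("T1059.001", "Command and Scripting Interpreter: PowerShell", T0 + timedelta(minutes=5)),
    Technique("T1003.001", "OS Credential Dumping: LSASS Memory", T0 + timedelta(minutes=20)),
    Technique("T1053.005", "Scheduled Task/Job: Scheduled Task", T0 + timedelta(minutes=30)),
    Technique("T1021.001", "Remote Services: Remote Desktop Protocol", T0 + timedelta(minutes=40)),
]

# Telemetry collected during the exercise (constructed sample log lines).
EVENTS = [
    Event(T0 + timedelta(seconds=30), "mailgw", "from=billing@example.test attachment=invoice.docm action=delivered"),
    Event(T0 + timedelta(minutes=7), "sysmon", "EventID=1 Image=powershell.exe CommandLine=powershell.exe -w hidden -enc AAAA"),
    Event(T0 + timedelta(minutes=20, seconds=5), "sysmon", "EventID=10 SourceImage=C:\\Temp\\tool.exe TargetImage=lsass.exe GrantedAccess=0x1010"),
    # The host used for T1053.005 has no Sysmon agent, so no schtasks event arrives;
    # an unrelated, legitimate schtasks run on another host shows up hours later.
    Event(T0 + timedelta(hours=3), "sysmon", "EventID=1 Image=schtasks.exe CommandLine=schtasks.exe /create /tn Backup"),
    # RDP lateral movement is logged, but no rule consumes the log.
    Event(T0 + timedelta(minutes=41), "winevent", "EventID=4624 LogonType=10 TargetUserName=svc-admin"),
]


def evaluate(plan, events, rules, window=timedelta(minutes=15)) -> dict[str, Outcome]:
    """Credit a detection only if its rule fires on an event inside
    [executed_at, executed_at + window]; later noise is not attributed to the step."""
    results = {}
    for step in plan:
        rule = rules.get(step.technique_id)
        if rule is None:
            results[step.technique_id] = Outcome(False, None, "no detection rule")
            continue
        hits = sorted(
            (ev for ev in events if step.executed_at <= ev.ts <= step.executed_at + window and rule(ev)),
            key=lambda ev: ev.ts,
        )
        if not hits:
            results[step.technique_id] = Outcome(False, None, "no telemetry matched")
        else:
            results[step.technique_id] = Outcome(True, hits[0].ts - step.executed_at, "detected")
    return results


def coverage(results: dict[str, Outcome]) -> float:
    """Fraction of emulated techniques the blue team detected within the window."""
    return sum(o.detected for o in results.values()) / len(results) if results else 0.0


def scorecard(plan, results) -> list[str]:
    """Debrief lines: one per technique, then overall coverage."""
    lines = []
    for step in plan:
        o = results[step.technique_id]
        ttd = f"{int(o.time_to_detect.total_seconds())}s" if o.time_to_detect is not None else "-"
        status = "DETECTED" if o.detected else "MISSED"
        lines.append(f"{step.technique_id:10} {status:9} ttd={ttd:6} {o.reason}  ({step.name})")
    lines.append(f"coverage: {coverage(results):.0%}")
    return lines


if __name__ == "__main__":
    print("\n".join(scorecard(PLAN, evaluate(PLAN, EVENTS, RULES))))
```

The two "MISSED" reasons are the point of the debrief: "no detection rule" is a gap the blue team fixes by writing a rule, while "no telemetry matched" with a rule present means the host or pipeline is not shipping the log at all, which is an engineering fix rather than a detection one. The attribution window keeps the legitimate schtasks run three hours later from being credited to the red team's step.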
Towards an integrated approach to cyber resilience
Combining these methods gives a comprehensive picture of the company's readiness at both strategic and technical levels. Our experts recommend a tailor-made, progressive approach that takes into account each organisation's specific context, moving from an initial review of processes to the full execution of complex simulations.
4. Cybersecurity and artificial intelligence: a necessary evolution
The AI Action Summit report also highlights the growing importance of integrating artificial intelligence (AI) into cyber resilience strategies. AI, particularly generative AI, intensifies existing risks and introduces new threats such as more convincing phishing, deepfakes and adversarial attacks on AI systems themselves. As a result, businesses need to evolve their traditional security practices towards defences that combine conventional cybersecurity with AI-based methods.
Governance frameworks such as the EU AI Act and the NIST AI Risk Management Framework (AI RMF) are beginning to emerge to guide organisations through these specific challenges. However, monitoring AI systems and proactively managing incidents involving them remains complex, and often requires external expertise and heightened vigilance.
Towards stronger governance of AI in cybersecurity
Given the increasing complexity of cyber threats, cyber resilience can no longer be seen as optional. It needs to be integrated into a company-wide strategy involving everyone from senior management to technical teams. Regularly testing response and adaptation capabilities through realistic simulations is now a strategic imperative.
Finally, with the increasing integration of AI into the digital landscape, the proactive adoption of innovative approaches to managing these new risks is becoming essential to preserving the integrity and competitiveness of the business in an increasingly uncertain digital world.
Cyber resilience is essential because cyber attacks are now inevitable and increasingly sophisticated. It is not limited to prevention, but encompasses the ability to anticipate, detect, respond and recover quickly from an incident. A cyber-resilient company not only protects its assets, but also ensures the continuity of its operations even in the event of a crisis.
Cyber-resilience tests include crisis simulations, red teaming, purple teaming and adversary emulation. These methods can be used to assess the reactions of teams to realistic attacks, identify flaws in existing processes and strengthen coordination between technical and decision-making teams.
AI, particularly generative AI, is already being exploited by cybercriminals to carry out more targeted and credible attacks, such as deepfakes or advanced phishing. To counter these threats, businesses need to integrate AI into their defences and rely on robust governance frameworks such as the EU AI Act or the NIST AI RMF to frame the associated risks.