The latest Deloitte Global Future of Cyber survey found data-loss threats impacted 28% of organizations in 2024, a 14% increase from 2023. As cyberattacks become more frequent and far-reaching, organizations should begin to look beyond traditional risk management. The increasing rate of attacks has demonstrated that conventional approaches to business continuity and disaster recovery are insufficient to meet current challenges. In our new insights overview, we outline some of the building blocks of modern resiliency to help you fortify your organization.

How has the concept of cyber resilience evolved with the rise of AI-driven threats, and what are some specific factors driving this shift?
AI has fundamentally reshaped cyber resilience, shifting it from reactive recovery to proactive defense. AI can empower organizations to autonomously detect, protect, contain, and recover from threats at unprecedented speed while offering deeper insights into vulnerabilities and exposure points. Conversely, AI’s dual nature also enables adversaries to craft sophisticated attacks, such as autonomous adaptive malware and automated mass social engineering attacks. To thrive in this evolving landscape, organizations should rapidly and courageously integrate AI into their strategies, fostering collaboration between advanced technologies and human expertise, while prioritizing proactive innovation. By doing so, they can strengthen resiliency in this threat environment.

Given that traditional risk management is insufficient for today’s sophisticated threats, what new strategies should organizations adopt to strengthen their readiness, response, and recovery?
Traditional risk management has been historically incumbered by a high dependency on human expertise, manual processes, and infrequent updates. Organizations should adopt a digital-first approach powered by modern technologies such as automation, AI, and eventually agentic AI. This can enable more continuous, data-driven, and unbiased risk analysis, offering a sharper, real-time understanding of potential threats. Organizations ready to shift toward these capabilities can strengthen their readiness and response while also achieving significantly improved risk outcomes.

What are some of the overlooked aspects of cyber resilience that organizations should prioritize in 2025 and beyond?
While technology dependencies and vulnerabilities are central to cyber resilience, programs should go further to address the intersection of technology and business. Organizations should prioritize integrating business context and process understanding into their cyber resilience strategies. This means bridging historically siloed efforts—such as business continuity, process analysis, disaster recovery, and cyber crisis planning—to create a cohesive and well-managed approach. By doing so, organizations can better understand and address the complex relationship between technology and business operations, helping to improve resilience in an increasingly interconnected landscape.

With increasing regulatory focus on cyber resilience, how can organizations meet compliance requirements while also driving innovation and agility?
Global regulations generally emphasize foundational principles rather than prescriptive mandates. They focus on foundational elements of resiliency capability, such as understanding business operations, having a resilient and secure vendor base, establishing risk management practices that facilitate visibility and oversight by senior management and boards, and establishing plans and technologies to support these goals. Organizations should align their efforts with these core principles and the outcomes the regulations seek; minimizing constraints in their ability to leverage innovative and agile approaches to do so.

How can organizations enhance collaboration between cybersecurity, IT, and business leaders to make resilience a company-wide priority?
The first step is to view cybersecurity and resilience as enterprise-wide business risks, not just specialized technical issues. This approach can help with focusing on business risks and outcomes, informed by technologists and security specialists, rather than centering solely on cybersecurity or technology. Establishing visible, C-suite and board-level initiatives staffed with multidisciplinary teams can foster collaboration and drive organizational improvements. These teams, united by clear goals and supported by senior leadership, can leverage their diverse skills and experience to enhance company-wide resilience.