Town Hall Insights

Building Resilience – Empowering Cybersecurity Success in 2026

DACH CISO Community

Ross Mckerchar

CISO

Sophos Inc

Moderator

Marc Etienne Cortesi

CISO

Baloise at time of session (now former CISO)

Panelist

Peter Dornheim

CISO

Daimler Truck AG

Panelist

Saadat Bunyatova

Director & Head of Cybersecurity

Merck Healthcare

Panelist

March 2026

Geopolitical tensions, evolving regulations, and the relentless pace of AI innovation are fuelling a new wave of cyber risks. For the first time, economic indicators show that cybersecurity incidents can have a measurable impact on national growth. In this context, resilience is emerging as a key measure of security maturity, but what does that really mean?

Recently, CISOs in our DACH Community gathered for a Town Hall on the topic of cyber resilience – from defining it to adapting strategies for it. Ross Mckerchar, CISO at Sophos Inc, moderated the discussion, and DACH CISO Community Members Marc Etienne Cortesi, CISO at Baloise; Peter Dornheim, CISO at Daimler Truck AG; and Saadat Bunyatova, Director and Head of Cybersecurity at Merck Healthcare, served as panelists.

Here are four highlights from the Town Hall discussion.
 

Defining Cyber Resilience at Your Organisation

The panelists began the discussion by “level-setting” about what resilience means in the context of cybersecurity and business operations. They emphasized a shift from traditional security measures, such as protecting identity and the perimeter, to a service-centric approach, focusing on business service continuity. 

The security leaders also highlighted the importance of defining impact tolerance, or how much disruption can be absorbed before reputational, operational, or financial damage occurs. In addition, the panelists noted the growing need for ecosystem resilience, as organisations increasingly depend on third and fourth parties.

One panelist pointed out that resilience is broader than business continuity planning (BCP) or disaster recovery, which often become IT-centric. They argued that resilience reflects the expanding role of CISOs and should not be conflated with traditional BCP.
 

Cyber resilience should be about enabling business continuity, even when technology fails.


Addressing the Challenges of Supply Chain Risk  

The CISOs agreed that supply chain and third-party risks are among the most complex challenges to improving cyber resilience. They emphasized the importance of identifying and distinguishing critical suppliers, elevating control and partnership for those who directly impact business services. 

They also noted that resilience must be approached from an ecosystem perspective, recognizing that competitors often rely on the same infrastructure, which creates shared systemic risk. Crisis testing and mutual responsibility with partners are crucial, especially as cloud failures remain largely untested.

To be proactive in planning, the security leaders highlighted the need for transparency between cyber security teams and the business. They suggested tailored risk communication and integrating business partners into strategic discussions. Real-world incidents, like recent hyperscaler outages, show that global crises can impact everyone, underscoring the need for skilled internal teams and flexible supplier relationships. 

Ultimately, the panel stressed that resilience depends on collaboration, clear communication, and realistic expectations for supplier performance, rather than simply imposing additional controls.
 

Increasing Awareness of Cyber Resilience

The panelists noted that board and executive awareness of cyber resilience has increased, partly driven by frameworks like DORA and NIS2, which emphasize accountability and personal liability. One CISO observed a significant shift from traditional reporting to a “pull” mechanism, where executives proactively seek his input.

Another CISO agreed, highlighting that while executives cannot track every regulation, their interest and engagement have grown noticeably in the past 18–20 months, with frequent questions about regulatory coverage and risk gaps. One panelist pointed out that while compliance requirements and liability have heightened attention, executive awareness of cyber risks isn’t entirely new – they have been alert to cybersecurity issues, especially with the rise of AI and increased focus on data privacy.

Overall, the panel agreed that education is ongoing, but executive teams are increasingly including CISOs in decision-making and are more attuned to the realities and responsibilities of cyber resilience.
 

To have incidents is normal, but to have preventable incidents is a failure.


Embedding Cyber Resilience Throughout the Organisation

The panelists emphasized that effective cyber resilience requires organisation-wide engagement and support, not just assigning accountability for risk. One CISO shared the success of involving business unit owners directly in board sub-committee meetings to discuss risks relevant to their areas, which fostered greater engagement and shared responsibility – provided it was paired with support, rather than pressure. The group agreed that resilience is best achieved when everyone, not just IT, is aware of and involved in managing threats, and when risk ownership is supported throughout the organisation.

On the technical front, the CISOs highlighted the importance of adopting an adversarial mindset, using threat intelligence, red and purple teaming, and continuous learning from both tests and real incidents. They stressed the value of layered defenses, such as MFA and zero trust, to make systems more hostile to attackers and give defenders more time to respond. 

While advanced technology is important, they noted that human expertise remains crucial, especially for serious attacks. In addition, the panelists shared that resilience is maximized when security is integrated with product teams and the broader business, creating a culture of shared vigilance and continuous improvement.

Ultimately, the panel agreed that cyber resilience is about ensuring business continuity, even amid disruptions. It requires a holistic mindset, collaboration across the supply chain, and a shift from controlling risk to enabling business operations. True cyber resilience means partnering with the business to keep operations running safely, even when technology fails, and making smart, collaborative decisions that support long-term business goals.
 

To collaborate with your CISO peers on cyber resilience and other timely security issues, apply to join a CISO community. If you are already a member of the community, sign in to the app to find upcoming opportunities to connect and collaborate with your peers.
 

Hosted by Sophos.
