Reimagining cyber resilience
Address cyber threats that disrupt business operations
It’s time to rethink what cyber resilience means. Today it’s equated with redundancy — backup data centers, high-availability clusters, and best-of-breed tools stitched across environments. These measures address isolated risks, but often create fragmented architectures and operational silos that crumble under real-world pressure.
Traditional backup and disaster recovery tools remain necessary — but they’re only part of the equation. True resilience goes beyond uptime; it’s about preserving trust, continuity, and systemic stability during disruption. For a hospital, that means maintaining access to patient records and critical care systems during a ransomware attack. For a logistics firm, it’s keeping supply chain visibility intact during a network outage. For a media company, it’s sustaining live broadcast operations in the face of a distributed denial-of-service (DDoS) storm.
I recently spoke with Jeff Gatz, Kyndryl’s VP of Alliances, about how to reimagine resiliency. We touched on some of the key security threats and resiliency challenges that were highlighted in the 2025 Cloudflare Signals Report: Resilience at Scale, and we discussed key ingredients for building a more resilient organization in today’s complex cybersecurity environment.
He shared the “minimum viable company” concept that his team uses to help organizations rework their resiliency strategies. “If you experience a catastrophic event — whether it is a malware attack or a disruption caused by a nation-state — you need to return rapidly to a minimum viable set of applications, services, functions, and data,” said Gatz. “These are the absolutely essential elements that you need to stay operational in the hours after an incident.”
To me, this is the right reframing of resiliency. Leaders must shift from technology-based redundancy to outcome-based continuity — ensuring that the most essential services remain operational when the stakes are highest.
Encountering the double-edged sword of AI
As Jeff Gatz mentioned in our discussion, industry leaders often recognize AI as a double-edged sword. “[AI] becomes both the weapon and also the defense against what’s happening out there,” said Gatz.
The rise of agentic AI shows how AI is being employed for both good and bad. For example, organizations are eager to deploy AI agents to automate a wide range of processes so they can enhance the speed and efficiency of workflows. But cybercriminals are attacking the models, data, and third-party tools used by AI agents and other AI apps. At the same time, those criminals are increasingly employing AI tools to boost the scale and effectiveness of attacks.
To combat these threats, organizations are also using AI as part of their cyber defenses. By using machine learning models and deploying AI agents, they are enhancing decision-making, detecting anomalies faster, predicting attack patterns, and automating responses at scale. This shift enables security teams to move from reactive firefighting to continuous, adaptive defense. This is where we see the biggest improvements in cyber resiliency — not just in preventing breaches, but in sustaining critical operations during an incident. AI-driven systems help ensure that essential services remain available, even under attack, by dynamically prioritizing resources, isolating threats, and maintaining continuity when the stakes are highest.
“[AI] becomes both the weapon and also the defense against what's happening out there.”
— Jeff Gatz, VP of Global Strategic Alliance, Kyndryl
Escalating third-party risks
AI agents and AI-powered applications are not the only systems that are vulnerable to third-party risks. In fact, any application or service that uses some element from a third party could be subject to an attack that significantly disrupts operations.
The World Economic Forum found that 54% of large enterprises identify third-party risk management as their top cyber resilience challenge. And attacks on software supply chains, cloud platforms, and third-party integrations are rising: According to the Verizon 2025 Data Breach Investigations Report, the proportion of breaches involving third parties doubled from 15% in the previous year to 30% in the year ending October 31, 2024.
The increasing enterprise reliance on a relatively small number of large cloud providers is particularly troubling. One attack, on just one vulnerability, from one cloud provider could cause widespread repercussions across multiple industries, resulting in billions in losses.
Meanwhile, client-side attacks continue to grow. Many developers use third-party scripts to streamline app development. Their apps run those scripts on an end user’s machine, in a web browser, rather than on a host’s web server. Consequently, end users are vulnerable to attacks on the scripts. So, for example, an attacker might be able to access an individual’s saved credit card information by infiltrating a client-side script running on that individual’s browser.
The average enterprise uses at least 20 third-party scripts, often for functions like analytics, ads, and chatbots. Some have up to hundreds of thousands. Each of those scripts could be an entry point for an attacker.
Facing larger, more sophisticated DDoS attacks
DDoS attacks are among the most salient threats to cyber resilience. These attacks have become precision tools used by not only cybercriminals and hacktivists but also nation-states. Attackers are committed to disrupting operations, creating compliance problems, and damaging reputations.
The number of these attacks is increasing significantly year over year. Cloudflare blocked 20.9 million DDoS attacks in 2024 and 20.5 million DDoS attacks in the first quarter of 2025 alone — a 358% year-over-year increase and a 198% increase from the previous quarter.
Emerging technologies are enabling cybercriminals to increase the scale of DDoS attacks. Attackers are using botnets, IoT devices, and AI-driven automation to launch large-scale, persistent, high-impact assaults on critical digital services. In October 2024, Cloudflare detected and blocked a 5.6 Terabit-per-second (Tbps) DDoS attack — at the time, the largest attack ever reported.
Proliferating cybersecurity regulations
Addressing these and other threats to resiliency is no longer optional. Around the world, new regulations are compelling organizations to strengthen their cybersecurity posture and be more transparent about the incidents they face. Some of the most stringent mandates are emerging from the United States, the European Union, and Australia.
United States: The US Securities and Exchange Commission (SEC) requires public companies to disclose material cybersecurity incidents and detail risk management strategies.
European Union: The EU’s Digital Operational Resilience Act (DORA) has established strict cybersecurity standards for the financial sector. Meanwhile, the EU General Data Protection Regulation (GDPR) imposes penalties of up to 4% of global revenue for noncompliance with that regulation.
Australia: Prudential standard CPS 234, issued by the Australian Prudential Regulation Authority (APRA), mandates that financial institutions maintain robust information security measures.
Organizations that can address security and compliance challenges at the same time will gain a strategic edge. They will be able to accelerate entry into regulated markets, enhance customer trust, and minimize financial and reputational exposure.
Rebuilding a cyber resilience strategy
Resilience today must go beyond redundancy. It should anchor in business continuity, trust, and systemic stability — ensuring critical operations continue under attack or regulatory scrutiny.
Adopting the minimum viable company concept that Jeff Gatz highlighted, resilience must provide the ability to quickly restore the core applications, services, and data needed to stay operational after a major disruption.
The following seven objectives should be your top priorities.
Define your minimum viable company. Identify core services, applications, and data. These represent the minimum viable company — capabilities that must be preserved to sustain operations. By setting clear recovery objectives tied to business priorities, you can ensure that resilience is measured not just in technical uptime, but in the continuity of critical outcomes.
Integrate security and compliance functions. As Jeff Gatz aptly put it, “Compliance should be baked into your security architecture.” A unified platform helps align threat detection with regulatory reporting, streamline audits, and improve visibility — driving down cost and risk. Security and compliance don’t need to be separate silos; when integrated, they deliver more than the sum of their parts.
Automate compliance to keep pace with global regulations. Manual compliance processes can’t scale with the pace of global regulation. Automating key workflows — such as auditing, real-time monitoring, and jurisdiction-aware data routing — helps ensure continuous alignment while reducing operational burdens. The result: better resilience and fewer surprises during audits or assessments.
Gain real-time visibility into critical third-party dependencies. Supply chain vulnerabilities are a common source of security breaches. You need to continuously monitor critical vendors and external services — not just at onboarding, but throughout the relationship. Enforcing contractual security obligations and integrating third-party insights into broader governance are essential to reducing risk.
Find ways to absorb huge DDoS attacks and still maintain uptime. Attackers today are launching enormous DDoS attacks. Adopting cloud-based DDoS protection can help mitigate the largest attacks without halting operations. Cloud providers can implement geographically redundant infrastructure and compliance-aware failover plans, and regularly test recovery procedures to ensure uptime and regulatory alignment.
Test the full resilience posture. Being prepared means more than having technical controls in place. Build a resilience playbook that addresses operational, technical, and regulatory requirements. Then, test it — regularly. Simulated disruptions help ensure your teams can detect attacks, recover quickly, and meet reporting obligations under pressure.
Foster a culture of security. The human layer is the most exploited attack vector — particularly through phishing and social engineering. While AI and machine learning are advancing predictive defense capabilities, it’s still important to invest in user training so employees can spot, avoid, and report threats before they escalate.
Strengthening cyber resiliency by combating complexity
Today’s cybersecurity threats are driving some organizations to adopt multiple solutions in an effort to bolster defenses and strengthen resiliency. But the result can be a disconnected collection of tools that creates management complexity and still leaves gaps.
As Jeff Gatz noted, consolidation is key. He suggested organizations ask themselves, What are our trusted technology partners and how do we leverage most of their ecosystem? In particular, security and networking capabilities are prime candidates for consolidation. “Stop putting them in two separate buckets,” said Gatz. Consolidation can help strengthen security and close gaps while streamlining management and reducing costs.
I couldn’t agree more. At Cloudflare, our connectivity cloud empowers organizations to connect, protect, and build through a unified, intelligent platform of cloud-native services. We help address a wide range of security threats that can disrupt operations, while also streamlining security management — even in the most complex enterprise environments. With this foundation in place, organizations are better positioned to build a resilient, future-ready strategy.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn more about how to revitalize your resiliency strategy and uncover additional insights into the forces shaping today’s security landscape in the 2025 Cloudflare Signals Report: Resilience at Scale.
Author
Khalid Kark — @khalidkark
Field CIO Americas, Cloudflare
Key takeaways
After reading this article, you will be able to understand:
3 top cybersecurity threats that can interrupt business operations
Regulatory changes that complicate resilience planning
7 priorities for addressing threats and preventing operational disruptions