Supply-chain attacks have surged in recent years, in some cases triggering widespread IT outages that have sent cybersecurity shockwaves around the world. This has forced CISOs everywhere to ask themselves, “Have I prepared my company for the worst?” With every outage, breach, or disruption, CISOs face mounting pressure to defend their data and systems against threats, while ensuring their business keeps running without interruption. Even robust organizations can struggle to bounce back.
As a result, cyber resilience — the ability to identify, withstand, and recover from disruptions — has become top of mind for CISOs and their boards. But how can IT leaders up their resilience game without compromising on operational agility? Let’s explore which tactics CISOs are prioritizing, based on recent industry discussion.
1. Strengthening disaster response and recovery plans
A robust disaster recovery plan has always been foundational for IT organizations, but CISOs are rethinking their approaches to include more agile, iterative testing. During the Okta CISO Forum, participants shared a consistent challenge: safeguarding recovery processes as their reliance on third-party tools and integrations grows daily. CISOs want disaster preparedness, response, and recovery plans that cover both enterprise- and customer-facing solutions.
“Cyber resilience isn’t just about bouncing back from an event,” says Ken Collins, CISO at Sunbelt Rentals, a North American equipment and tool rental company. “It’s ensuring your business can continue delivering its mission, even in the face of adversity, with preparedness and rehearsed expectations.”
For many leaders, the next step is architecting redundancies into their systems without overly complicating existing infrastructure. As Mark Sutton, CISO at private investment firm Bain Capital, says, “Your ability to have multiple layers of control on a technical and process level ensures that even if something bypasses the first line of defense, you're still able to operate effectively and respond rapidly."
One challenge CISOs commonly face is pushback from budget owners because redundancies are costly and, by definition, mean not all infrastructure and services are being used at a given time. Sutton’s advice: “As budgets tighten, focus redundancy on what is critical to your business rather than rolling it out everywhere across the organization.”
2. Proactively identifying vulnerabilities
No one can predict every disruption, but identifying potential weaknesses in advance can drastically reduce fallout when incidents occur. That’s why many CISOs are refocusing efforts on proactive measures, like regular penetration testing, 24/7 vulnerability monitoring, or simulating real-world scenarios to evaluate where incident response plans are falling short.
Collins says it starts with the basics: “Pull together a group for a tabletop exercise and listen. You’ll uncover more about your weaknesses through conversations than by trying to solve the problem initially."
Another shared priority? Making sure incident response plans are actionable and ready to go, not sitting in a drive somewhere collecting dust. When leadership is clear on what happens in the first critical moments after a breach, organizations bounce back faster and with better board and public trust.
"It's less about what constitutes cyber resilience and more about the absolute necessity for it. Defenders face headwinds on multiple fronts: more attackers with more sophisticated tools and growing network complexity,” Sutton explains. “Resilience is about accepting that gaps will exist and building programs that can withstand the continual onslaught.”
3. Reinforcing vendor credibility to build board trust
CISOs are increasingly turning to third-party vendors to fortify their security programs. But with a growing reliance on mission-critical partners comes the need to prove their value — and security. The most effective CISOs don’t just review vendors during procurement; they continuously evaluate their risk over time to ensure they’re keeping up with and exceeding expectations.
"Vendor risk is about understanding what I call their ‘blast radius.’ If something goes wrong at or with a third party, what’s the effect on us?” Sutton says. “Based on that, we categorize vendors and apply appropriate rigor during onboarding and beyond. Depending on the risk, we may need continuous monitoring, annual validation, or compensating controls to mitigate potentially uncontrollable risks."
Collins agrees: "Resilience with vendors comes down to strong, bi-directional relationships. When something goes wrong, a trusted partner should call you before you even realize the issue."
By setting firmer criteria for uptime guarantees, incident communication timelines, and vendor compliance certifications, leaders can build trust with the board while keeping security operations running.
Next steps for building a resilient enterprise
As businesses balance innovation with risk, it’s clear that cyber resilience demands continuous attention from leadership. From fortifying disaster recovery plans to building resilience into vendor relationships, the steps you take today build trust and security for tomorrow, and the strategies discussed here provide a blueprint for organizations looking to stay operational amid disruptions.
Attacks are inevitable. But by prioritizing preparedness and developing a strategy for how the organization will bounce back from incidents, CISOs can safeguard their organizations while earning the confidence of their teams, boards, and customers.
For more insights from the Okta CISO Forum, check out this article on how to measure the success of your security program.