Jolie Grace Wareham
|
May 22, 2025
Fact: 60 percent of small businesses shut down within six months of a cyber incident.
Another fact: Engaging in high-quality and strategic resilience efforts can help your business keep its doors open long after those first six months following a cyber incident.
If you’ve ever heard me talk about our work at protasec (or about the importance of cybersecurity in general), you’ve probably heard me say the word “resilience.” While yes, this term has become a buzzword and hashtag for folks in various fields, “resilience” holds serious meaning for us and our communities.
In honor of day four of The BCI’s Business Continuity Awareness and Resilience Week, we’re focusing on a theme that sits at the heart of what we do: Embracing organizational resilience through artificial intelligence (AI). Before we can dive into AI, however, we need to talk about what resilience actually is…outside of the buzzword-y uses.
So what is resilience, and what does it have to do with cybersecurity?
When we talk about resilience, we’re referring to the ability of organizations and communities to continue their work even when things go sideways (e.g. amid a cyber incident). This doesn’t just refer to the ability to “bounce back.” This refers to the ability to absorb disruption, adapt to change, and keep fulfilling your mission. Resilience includes technical readiness, process maturity, workforce culture, communication, and trust. This is true whether you’re a healthcare provider, a legal firm, and financial services team, a nonprofit, or a municipality.
Cyber attacks are major threats to resilience, and that is why the concept of “cyber resilience” has become so central to how we think about security today. Cyber resilience is the ability to keep an organization running and data safe, even while under pressure or during a cyber attack. It goes beyond firewalls and password managers. Organizations build resilience by refining tech stacks to include security software that fits their specific needs, establishing incident response plans and rehearsing them through tabletop exercises, and more. These actions allow for organizations to have business continuity during and after cyber incidents.
Bottom line, cyber resilience is a well-conceived strategy combining technical tools, human minds, and organizational culture.
Cyber resilience not something you hope your organization has and then find out it doesn’t during an incident. It’s not something you can “duct-tape on” after the fact. It’s something that is built deliberately, rehearsed regularly, and continuously improved.
Resilience starts at the organizational level but is vital to the community
Imagine your local healthcare clinic has a cyber attack and can’t access patient records. The clinic doesn’t have proper backups in place, so the attack causes a delay in vital healthcare procedures, prescription access, and more. This impacts the health of individuals who rely upon that clinic as well as the overall health of the community in which the clinic operates. This doesn’t even begin to dive into potential regulatory nightmares and fines for the clinic, especially if patient data was breached.
Now imagine your hometown experiences a cyber attack from a foreign adversary targeting critical infrastructure, and their water supply is impacted. The town didn’t have proper preventative measures to protect against this type of attack, and now the constituents have limited access to safe water for drinking, cooking, and bathing.
Final example…Imagine your favorite coffee shop (you know, the one you go to for all your deep work and prospective client meetings) experiences a ransomware incident. They didn’t have strong access control policies, making them an easy target for this type of attack. They are now locked out of vital applications including those that process customer payments, employee payroll, and vendor billing. Until they can regain access (which may include getting a business loan to pay a ransom), they are closed.
This means they lose business and maybe regular customers who shift to different coffee shops. Folks like you can’t use their space as a remote office, which disrupts the productivity of professionals in the community. Employees can’t get paid, which impacts their ability to pay their own bills and shop at other businesses in town. Vendors are not paid, which impacts their bottom line as well as the local economies of the communities in which they operate.
See the ripple effects?
The responsibility of small businesses to community resilience
Especially when it comes to small and midsized businesses and organizations, one attack can cause significant operational disruption, loss of revenue, and horrific ramifications for reputation.
Threat actors know this. In fact, 43% of cyber attacks target small businesses, but only 14% of small businesses report that they are adequately prepared to defend themselves.
This is why 60% of small businesses that experience a cyber incident will be out of business within six months. Think about what this might mean for your community. If all there are 20 small businesses on your block, and they all got hit by a cyber attack tomorrow, only EIGHT would still be in business six months from now. Ask yourself, how many of these 20 businesses rely on each other? For instance, the coffee shop might do well because the nurses at the health clinic next door like to go there on their breaks. What happens to the coffee shop if the health clinic is shut down for a week due to a cyber attack?
Cyber resilience is thus not only vital to the continuity of individual organizations and the services they provide but is also vital to the overall continuity of a community. We know rising tides raise all ships, and the opposite is true too.
In other words: Organizational cyber resilience is community resilience.
Think of resilience not just as an internal safeguard or metric. Think of resilience as a public service that organizations must take seriously as members of the community in which they operate.
Where AI fits in
Spoiler alert: AI is powerful, but it’s not magic. Also, it doesn’t work without people.
When we talk about leveraging AI for resilience, we’re in no way talking about replacing humans. Rather, we’re talking about finding secure and strategic ways to combine the power of AI with the power of humans, ultimately improving resilience.
When used properly, AI can make organizations’ cybersecurity efforts more efficient and effective. For instance, AI can:
- Identify suspicious behavior sooner before it snowballs into an incident.
- Prioritize threat intelligence based on patterns and known risks.
- Streamline incident response, shaving critical minutes or hours off recovery time.
- Simplify complexity by synthesizing data and alerts across systems and connecting dots that humans can’t see alone.
For small teams with limited personnel and time, this is a game-changer for the effectiveness and efficiency of organizational cybersecurity efforts. This, in turn, can drastically improve organizational resilience and community resilience. Leveraging AI isn’t just good security practice. It’s becoming an essential component of good business and community stewardship.
But there’s a catch: AI still needs us.
Why humans aren’t going anywhere
Even the best AI makes mistakes, and no AI can fully model human behavior. It doesn’t know the intricacies of your operational procedures, all the external forces that could hit your organization, or the personalities of everyone on your team (think: that coworker who is about to head on a must-deserved long weekend, is rushing to make their flight, and accidentally clicks on a malicious link in a phishing email).
While AI is a valuable tool, it should not be considered the only tool in your toolbox when it comes to resilience. Humans must know how to use AI, when to override it, and gather vital information and perform vital functions AI can’t. AI can strengthen resilience only if your team knows how to guide it.
Fun note: The images you see in this article are AI-generated. If you look closely, you’ll see made up letters on signs. Use this as a visual demonstration of AI’s limitations.
Conclusion
Resilience starts and ends with humans.
No matter your organization size, cyber resilience is essential. It’s also a responsibility to your community. AI can be a force multiplier, but it does not replace humans.
If your organization has questions about how to assess and improve resilience, we at protasec are here to help. Reach out to us at in**@******ec.com, and let’s build resilient communities together.
This blog is shared in reference to protasec’s Business Continuity Awareness and Resilience Week campaign. Learn more about this week at The Business Continuity Institute’s website. Visit www.protasec.com/blog to read more insights.
Recent Posts
5 Things About Cybersecurity Every Small Law Firm Needs to Know
September 4, 2025
The Efficiency Dilemma: How AI Is Supercharging Both the Good Guys and Bad Guys
May 23, 2025
More Than a Buzzword: How Cyber Resilience is Vital to Community Resilience
May 22, 2025
From Risk to Resilience: Rethinking Supply Chains in an Uncertain World
May 21, 2025
Harnessing Artificial Intelligence for Enhanced Business Continuity and Resilience
May 20, 2025
Popular Tags
- AI
- AIU
- artificial intelligence
- artificialintelligence
- best practices
- business budgeting
- business continuity
- business recovery
- business strategy
- businesscontinuity
- community
- compliance
- connectivity
- credential security
- cybersecurity
- cybersecurityinsurance
- data analytics
- data privacy
- device security
- disaster response
- DND
- dos and donts
- ethics
- executive
- financial protection
- financialprotection
- future
- incident response
- incidentresponse
- information security
- infosec
- insurance
- law
- law firms
- leadership
- legal
- password day
- passwordday
- passwords
- physical security
- preparation
- readiness
- reputation
- resilience
- risk
- riskassessment
- riskmanagement
- simulations
- situational awareness
- small business
- supply chain
- tabletop exercises
- technology
- travel
- trends
- TTRPG
- value proposition
- wargaming
- weather
- zerotrust