As the frequency and sophistication of cyber attacks intensify, it’s time to rethink what cyber resilience truly means. Too often, it’s equated with redundancy — backup data centers, high-availability clusters, and best-of-breed tools stitched across environments. While these measures address isolated risks, they often create fragmented architectures and operational silos that falter under real-world pressure.
Traditional backup and disaster recovery tools remain necessary — but they’re only part of the equation. True resilience goes beyond uptime; it’s about preserving trust, continuity, and systemic stability during disruption. For a hospital, that means maintaining access to patient records and critical care systems during a ransomware attack. For a logistics firm, it’s keeping supply-chain visibility intact during a network outage. For a media company, it’s sustaining live broadcast operations in the face of a distributed denial-of-service (DDoS) storm.
Leaders must shift from technology-based redundancy to outcome-based continuity — ensuring that the most essential services remain operational when the stakes are highest.
I recently spoke with Jeff Gatz, Kyndryl’s VP of Alliances, about how to reimagine resiliency. We touched on some of the key security threats and resiliency challenges that were highlighted in the 2025 Cloudflare Signals Report, and we discussed key ingredients for building a more resilient organization in today’s complex cybersecurity environment.
DDoS attacks are among the most salient threats to cyber resilience. These attacks have become precision tools used by not only cybercriminals and hacktivists but also nation-states. Attackers are committed to disrupting operations, creating compliance problems, and damaging reputations.
The number of these attacks is increasing significantly year over year. As the report notes, Cloudflare blocked 20.9 million DDoS attacks in 2024 and 20.5 million DDoS attacks in the first quarter of 2025 alone — a 358% year-over-year increase and a 198% increase from the previous quarter.
Emerging technologies are enabling cybercriminals to increase the scale of DDoS attacks. Attackers are using botnets, IoT devices, and AI-driven automation to launch large-scale, persistent, high-impact assaults on critical digital services. In October 2024, Cloudflare detected and blocked a 5.6 Terabit-per-second (Tbps) DDoS attack — at the time, the largest attack ever reported.
As Jeff Gatz mentioned in our discussion, industry leaders often recognize AI as a double-edged sword. “[AI] becomes both the weapon and also the defense against what's happening out there,” says Gatz.
The rise of agentic AI shows how AI is being employed for both good and bad. For example, organizations are eager to deploy AI agents to automate a wide range of processes so they can enhance the speed and efficiency of workflows. But cybercriminals are attacking the models, data, and third-party tools used by AI agents and other AI apps. At the same time, those criminals are increasingly employing AI tools to increase the scale and effectiveness of attacks.
To combat these threats, organizations are also using AI as part of their cyber defenses. By using machine learning models and deploying AI agents, they are enhancing decision-making, detecting anomalies faster, predicting attack patterns, and automating responses at scale. This shift enables security teams to move from reactive firefighting to continuous, adaptive defense.
This is where we see the biggest improvements in cyber resiliency — not just in preventing breaches, but in sustaining critical operations during an incident. AI-driven systems help ensure that essential services remain available, even under attack, by dynamically prioritizing resources, isolating threats, and maintaining continuity when the stakes are highest.
AI agents and AI-powered applications are not the only systems that are vulnerable to third-party risks. In fact, any application or service that uses some element from a third party could be subject to an attack that significantly disrupts operations.
The World Economic Forum found that 54% of large enterprises identify third-party risk management as their top cyber resilience challenge. And attacks on software supply chains, cloud platforms, and third-party integrations are rising: According to the Verizon 2025 Data Breach Investigations Report, the proportion of breaches involving third parties doubled from 15% in the previous year to 30% in the year ending October 31, 2024.
The increasing enterprise reliance on a relatively small number of large cloud providers is particularly troubling. One attack, on just one vulnerability, at one cloud provider could cause widespread repercussions across multiple industries, resulting in billions in losses.
Meanwhile, client-side attacks continue to grow. Many developers use third-party scripts to streamline app development. Their apps run those scripts on an end user’s machine, in a web browser, rather than on a host’s web server. Consequently, end users are vulnerable to attacks on the scripts. So, for example, an attacker might be able to access an individual’s saved credit card information by infiltrating a client-side script running on that individual’s browser.
The average enterprise uses at least 20 third-party scripts, often for functions like analytics, ads, and chatbots. Some enterprises use up to hundreds of thousands. Each of those scripts could be an entry point for an attacker.
Addressing these and other threats to resiliency is no longer optional. Around the world, new regulations are compelling organizations to strengthen their cybersecurity posture and be more transparent about the incidents they face. Some of the most stringent mandates are emerging from the United States, the European Union, and Australia.
United States: The US Securities and Exchange Commission (SEC) requires public companies to disclose material cybersecurity incidents and detail risk management strategies.
European Union: The EU’s Digital Operational Resilience Act (DORA) has established strict cybersecurity standards for the financial sector. Meanwhile, the EU General Data Protection Regulation (GDPR) imposes penalties of up to 4% of global revenue for noncompliance with that regulation.
Australia: Australia’s APRA CPS 234 mandates that financial institutions maintain robust information security measures.
Many organizations are leveraging automation to streamline reporting and ensure continuous alignment with evolving regulations. A Deloitte survey found that 62% of global organizations plan to increase investment in compliance automation.
Organizations that can address security and compliance challenges at the same time will gain a strategic edge. They will be able to accelerate entry into regulated markets, enhance customer trust, and minimize financial and reputational exposure.
Given the complexity of the current cybersecurity landscape, how do you start to build your reimagined resilience strategy?
Jeff Gatz shared the “minimum viable company” concept that his team uses at Kyndryl to help organizations rethink resiliency. “If you experience a catastrophic event — whether it is a malware attack or a disruption caused by a nation-state — you need to return rapidly to a minimum viable set of applications, services, functions, and data,” says Gatz. “These are the absolutely essential elements that you need to stay operational in the hours after an incident.”
The first step, then, in creating a post-attack resiliency plan is to identify what elements are actually essential. Next, teams can establish realistic recovery times and begin to construct the processes and infrastructure needed to recover from attacks.
Of course, security and IT teams should also be working to address the threats that disrupt operations in the first place. The following six objectives should be your top priorities.
Find ways to absorb huge DDoS attacks and still maintain uptime. Attackers today are launching enormous DDoS attacks. You need the ability to mitigate even the largest attacks without halting operations. In most cases, gaining sufficient mitigation capacity for DDoS attacks will mean adopting cloud-based DDoS protection services. Cloud providers can implement geographically redundant infrastructure and compliance-aware failover plans, and regularly test recovery procedures to ensure both uptime and regulatory alignment.
Gain real-time visibility into critical third-party dependencies. Supply-chain vulnerabilities are now one of the most common sources of security breaches. Organizations must continuously monitor critical vendors and external services — not just at onboarding, but throughout the relationship. Enforcing contractual security obligations and integrating third-party insights into broader governance processes are essential to reducing systemic risk.
Automate compliance to keep pace with global regulations. Manual compliance processes can’t scale with the pace of global regulation. Automating key workflows — such as auditing, real-time monitoring, and jurisdiction-aware data routing — helps ensure continuous alignment while reducing operational burdens. The result: better resilience and fewer surprises during audits or assessments.
Integrate security and compliance functions. As Jeff Gatz aptly put it, “Compliance should be baked into your security architecture.” A unified platform can help organizations align threat detection with regulatory reporting, streamline audits, and improve visibility — driving down both cost and risk. Security and compliance don’t need to be separate silos; when integrated, they deliver more than the sum of their parts.
Foster a culture of security. The human layer remains the most exploited attack vector — particularly in phishing and social engineering incidents. While AI and machine learning are advancing predictive defense capabilities, organizations must still invest in consistent, high-impact user training. Empower your workforce to spot, avoid, and report threats before they escalate.
Test the full resilience posture. Being prepared means more than having technical controls in place. Build a resilience playbook that addresses operational, technical, and regulatory requirements. Then test it — regularly. Simulated disruptions help ensure your teams can detect attacks, recover quickly, and meet reporting obligations under pressure.
Today’s cybersecurity threats are driving some organizations to adopt multiple solutions in an effort to bolster defenses and strengthen resiliency. But the result can be a disconnected collection of tools that creates management complexity and still leaves gaps.
As Jeff Gatz noted, consolidation is key: “What are our trusted technology partners and how do we leverage most of their ecosystem?” In particular, security and networking capabilities are prime candidates for consolidation. “Stop putting them in two separate buckets,” says Gatz. Consolidation can help strengthen security and close gaps while streamlining management and reducing costs.
I couldn’t agree more. At Cloudflare, our connectivity cloud empowers organizations to connect, protect, and build through a unified, intelligent platform of cloud-native services. We help address a wide range of security threats that can disrupt operations, while also streamlining security management — even in the most complex enterprise environments. With this foundation in place, organizations are better positioned to build a resilient, future-ready strategy.
Learn more about how to revitalize your resiliency strategy and uncover additional insights into the forces shaping today’s security landscape in the 2025 Cloudflare Signals Report: Resilience at Scale.
Khalid Kark — @khalidkark
Field CIO Americas, Cloudflare
After reading this article, you will be able to understand:
3 top cybersecurity threats that can interrupt business operations
Regulatory changes that complicate resilience planning
6 priorities for addressing threats and preventing operational disruptions