3 tips for building cyber resilience

Cyber attacks are no longer contained to just data breaches.

In August 2025, a ransomware attack on Jaguar Land Rover brought production to a halt for five weeks. A month later, flights from airports including Berlin, Dublin, and Brussels were delayed by an attack that disabled automated passenger check-in systems. And in Norway, state-linked hackers released more than 2 million litres of water from a dam in Bremanger.

These incidents underline the shift in cyber crime from data theft to operational disruption. With the potential for costly service outages, robust cyber security is a continued necessity.

Improving cyber resilience is one way to reduce the impact of breaches through better containment and response. Here are three tips for building cyber resilience. is one way to reduce the impact of breaches through better containment and response. Here are three tips for building cyber resilience.

1. Build resilience from the bottom up

There’s no such thing as 100% protection from cyber breaches. Using an approach of safe failure—where systems revert to a secure, minimal-risk state automatically when they fail—can mitigate unauthorised access and data loss.

This methodology helps organisations recover faster and minimise financial impact. That’s significant when you consider the $4.44 million average cost of a breach, according to IBM.

To reduce the severity of a potential incident, it’s important to ensure strict segmentation between IT and operational technology (OT) functions. Establishing pre-authorised procedures can isolate the affected network or app without forcing a complete shutdown.

This approach creates a safety net to minimise the impact of an attack so that in the event of one unit failing, the whole enterprise doesn't shut down.

If an attack does happen, security teams must understand which IT systems have been disrupted, the business and geo areas supported, and who has access to them. With greater transparency, they can rapidly mitigate the impact and address the cause of the problem.

It’s also essential to have a contingency plan for when things go wrong. Maintain immutable, offline backups that are physically disconnected from the network to ensure a clean starting point for recovery.

2. Prevention is better than cure

While resilience is the goal, cyber hygiene is the most effective way to close the doors attackers exploit and reduce the attack surface. This involves establishing strong login methods, such as multi-factor authentication and security keys, especially for business-critical systems.

Role segregation and access controls—for employees and AI—can also help close gaps. As agentic AI is deployed across the business, guardrails are needed to ensure the technology interacts only with data and systems required for specific functions, while maintaining a clear, auditable trail of autonomous actions.

Patching systems should be treated as a duty of care that can be automated on low and mid-risk applications/systems. This will provide IT teams the capacity to focus on patching and maintenance requirements for high-risk environments to mitigate/avoid governance failures. The incidents highlighted earlier show that vulnerabilities within core systems can be rapidly exploited—so timely fixes and continuous monitoring are musts.

Organisations also need real-time visibility of every asset connected to their network. Traditional security scanning technologies can overlook shadow IT, internet of things (IoT) devices, and OT. IT leaders must evaluate their architecture design to help eliminate these blind spots.

Looking beyond technology, people are often the weakest link—even in the best-planned infrastructure. According to Verizon, the “human element” accounts for 60% of cyber security breaches.

Regular digital scenario testing involving partners and the extended enterprise can help identify operational vulnerabilities so they can be remediated before causing disruption. If vulnerabilities can’t be mitigated immediately, security leaders can create playbooks for when a breach occurs, supporting compliance with regulations such as the Digital Operational Resilience Act (DORA).

3. Technology is the connective tissue

Whether it’s anticipating threats or orchestrating recovery, technology underpins operational and cyber resilience.

Integrating vulnerability management, asset intelligence, and business continuity measures into a unified platform can equip organisations to manage complex operational risks and regulatory requirements. Technology-driven segmentation and streamlined communication help ensure incidents are contained swiftly.

Using an AI-enhanced enterprise platform, organisations can consolidate risk registers, automate playbooks, and directly link cyber and operational risk to financial impact. Unified dashboards give teams visibility across vulnerabilities and assets, enabling rapid isolation, contextual investigation, and coordinated recovery.

Asahi Europe and International used the ServiceNow AI Platform to standardise its use of technology and protect itself against increasingly sophisticated cyber security threats. .

The beverage manufacturer deployed ServiceNow® Security Operations with Vulnerability Response, which integrates with its existing security tools to show one clear view of weaknesses. The solution automatically prioritises and addresses the biggest cyber risks, reducing manual tasks and management time.

The cyber-resilient enterprise

Organisations must treat cyber resilience as an enterprise-wide discipline rather than an IT function. By enhancing governance over the entire digital estate, including technologies from IoT to agentic AI, leaders can build enterprise-wide cyber resilience.

Find out how ServiceNow can help you unify cyber and risk operations on a single AI platform.