Building Cyber Resilience Before the Next Attack Occurs

Companies that are most successful in responding to cyberattacks leverage distributed leadership, crisis experience, and consistent communication.

Reading Time: 8 min 


Permissions and PDF

Before the tensions between Russia and Ukraine escalated into full-blown war, cyber activity in both countries surged. As Ukraine was bracing for an invasion, cyberattacks targeted the country’s banks and government agencies, and Russian hackers attempted to bring down the power grid. Russia, in turn, found itself a target of Anonymous, a “hacktivist” collective, which in the first days of the invasion played the Ukrainian national anthem on Russian state TV along with footage from the war.

The surge in cyber activity surrounding the invasion of Ukraine, documented in a Microsoft report, stoked concerns among governments and enterprises fearful of getting caught in the digital crossfire. In 2017, a cyberattack on a Ukrainian tax preparation program led to disabled airports, railways, and banks within Ukraine and spread to a host of global companies, eventually causing more than $10 billion in economic damage).

Lessons and insights from past cyberattacks can help companies prepare and respond more successfully to future threats. A study based on data from VisibleRisk, a joint venture between Moody’s and Team8, suggests that organizations that respond poorly to an attack accumulate losses that are 2.8 times larger than those of firms that show no signs of poor response.1 In contrast, companies that respond successfully to cyberattacks can limit the negative effect on shareholder trust and even use the crisis as an opportunity.

To understand response best practices and how companies can avoid common mistakes, we drew on two sources of insights: We conducted in-depth interviews with CEOs, CFO, CIOs, chief information security officers, and other senior leaders whose companies had previously endured serious cyberattacks (including, in several cases, the 2017 Ukraine ransomware attacks); and we gathered observational data at top cybersecurity training centers that help executives prepare for crises by simulating realistic cyberattacks on their enterprises.

What Doesn’t Work

People never come to work expecting a cyberattack, so when it happens, it feels random and overwhelming. Business leaders are often suddenly confronted by unfamiliar issues for which they have received little formal training. We observed three common mistakes people make that inhibit successful recovery from a cyberattack.

Setting unrealistic deadlines for recovery. One senior leader told us that the worst day after a serious cyberattack is not day one or day two.



1.IRIS 20/20 Xtreme Information Risk Insights Study,” PDF file (Leesburg, Virginia: Cyentia Institute, 2020),

2. R. Safi, G.J. Browne, and A.J. Naini, “Mis-Spending on Information Security Measures: Theory and Experimental Evidence,” International Journal of Information Management 57 (April 2021): 1-46.

Reprint #:


More Like This

Add a comment

You must to post a comment.

First time here? Sign up for a free account: Comment on articles and get access to many more articles.