How Can We Improve Our Cyber Resilience Rather Than Just Cybersecurity?

Keith Hickson • January 20, 2026

Question 3 of 10 in our Cyber Resilience series - Your Biggest Cyber Security Concerns Answered...

Why Everyone's Asking This Right Now

Here’s how a lot of conversations with business owners start these days:

“We’ve got all the kit: firewalls, antivirus, MFA, staff training, but I still can’t shake the feeling we’d struggle if something serious happened.”

And that’s the shift we’re seeing across UK businesses. The penny’s dropping that even with good cybersecurity, things can still go wrong.


The real question isn’t “how do we stop everything bad from happening?” it’s “how do we make sure we can survive it?”


That’s the heart of cyber resilience. It’s about being ready to take a hit and keep going.

Why This Question’s Suddenly Urgent:

  • Major UK incidents this year show survival matters more than prevention.
  • M&S lost £300m and was offline for 46 days.
  • Jaguar Land Rover halted global production for a month – costing up to £1.9bn.
  • KNP Logistics, a 158-year-old company, collapsed completely after ransomware – 700 jobs gone.

Regulators are shifting focus from “did you prevent it?” to “could you recover from it?”


The new UK Cyber Security and Resilience Bill puts resilience centre stage.

If your board’s asking “what’s our resilience strategy?”, they’re on the right track.

The Real Question Behind the Question

Here’s what most business leaders really mean when they ask about resilience:


“If the worst happened tomorrow - a cyberattack, a supplier breach, a ransomware hit - could we actually keep trading?”


It’s an honest, practical question. Because deep down, everyone knows a breach is inevitable. The real difference is in how you respond.


Cyber resilience means accepting you’ll be hit and being ready to recover fast.

From Security to Resilience

1. The Traditional Model

Build A Fortress:

  • Keep attackers out
  • If they get in, you’ve failed
  • Focus: Prevention only


It’s worth saying that traditional cybersecurity isn’t completely blind to recovery: most organisations have backups and some disaster recovery capability.


But here’s the difference: those measures are often designed to restore data, not restore the business. Resilience takes it further, making sure critical operations, people, and communications can carry on while you recover. It connects the technical response to the operational reality.

2. The Resilience Model

  • Maintain strong defences, but accept breaches can still happen
  • Limit the damage when they do
  • Recover quickly and keep operations running
  • Learn and adapt to come back stronger
  • Focus: Protection, survival, and adaptation


Think of it like this: cybersecurity is your seatbelt and airbags; resilience is your ability to walk away, fix the car, and get back on the road.


Lessons from Real UK Incidents

KNP Logistics, 2025: A single weak password let ransomware cripple a 158-year-old transport firm. Insurance couldn’t save them. They folded. 700 jobs lost.


Marks & Spencer, 2025: Hackers compromised a supplier, taking M&S offline for 46 days. Cost: £300m. Value wiped: £750m. Still recovering months later.


Jaguar Land Rover, 2025: The most expensive UK cyber breach ever. Production halted for a month. 33,000 staff affected. Cost: up to £1.9bn. Only survived with government help.


These weren’t careless companies. They had cybersecurity. They lacked resilience.

The Three Possible Outcomes

1. Failure (KNP): No plan, no recovery, business closed.

2. Severe Disruption (M&S): Weeks of downtime, huge cost, reputation hit.


3. Controlled Recovery: Quick containment, minimal disruption, back to normal fast.

The difference? Cyber resilience planning done properly.

The Four Pillars of Cyber Resilience

Think of these as your four superpowers: Anticipate, Withstand, Recover, Adapt.


1. Anticipate - Spot Problems Coming

Understand your risks before they become incidents.

  • Stay updated on threats
  • Act on risk assessments
  • Monitor for warning signs
  • Know which systems are critical


Map your critical systems - what can’t you lose for 24 hours?


2. Withstand - Absorb the Hit

Can you keep key operations running?

  • Keep offline and immutable backups that can’t be altered or deleted by ransomware
  • Test your backups regularly
  • Build redundancy for critical services
  • Segment your network
  • Maintain practical continuity plans


Test your backups, including your immutable copies. KNP had insurance but couldn’t recover because their backups weren’t secure or separated.


Immutable backups (sometimes called write-once backups) are versions of your data that can’t be changed, even by an administrator. They’re one of the simplest ways to ensure you always have a clean, restorable copy, no matter how bad the attack.
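Testing a backup means more than confirming the file exists: you restore it somewhere safe and prove every file comes back unchanged. The script below is an added example, not code from the original article or from KH InfoSec. It backs up a directory into a tar archive, records a SHA-256 manifest alongside it, then runs a restore drill that extracts into a scratch directory and compares each file with the manifest. The sample files and the simulated tampering in `demo()` are constructed for illustration; the archive, manifest and report layout are this example’s own choices, not any product’s format.

```python
"""Restore drill: back up a directory, then prove the backup restores cleanly.

Added example for the 'Withstand' pillar; not code from the original article.
"""
from __future__ import annotations

import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups don't need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source: Path) -> dict[str, str]:
    """Map every file under `source` (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(source).as_posix(): sha256_of(p)
        for p in sorted(source.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, dest_dir: Path) -> tuple[Path, Path]:
    """Write backup.tar and a manifest.json kept separately from the archive.

    In production the manifest belongs on write-once storage so an attacker
    who reaches the archive cannot also rewrite the reference hashes.
    """
    manifest = build_manifest(source)
    archive = dest_dir / "backup.tar"
    manifest_path = dest_dir / "manifest.json"
    with tarfile.open(archive, "w") as tar:
        for rel in manifest:
            tar.add(str(source / rel), arcname=rel)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return archive, manifest_path


def restore_drill(archive: Path, manifest_path: Path) -> dict:
    """Restore into a scratch directory and compare every file with the manifest.

    Returns a report; 'ok' is True only when nothing is missing, modified or extra.
    """
    expected = json.loads(manifest_path.read_text())
    with tempfile.TemporaryDirectory() as scratch:
        scratch_path = Path(scratch)
        with tarfile.open(archive, "r") as tar:
            try:
                # 'data' filter refuses absolute paths and '..' traversal (Python 3.12+,
                # backported to patched 3.8-3.11); older interpreters lack the argument.
                tar.extractall(scratch_path, filter="data")
            except TypeError:
                tar.extractall(scratch_path)
        actual = build_manifest(scratch_path)
    missing = sorted(set(expected) - set(actual))
    modified = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    unexpected = sorted(set(actual) - set(expected))
    return {
        "ok": not (missing or modified or unexpected),
        "files_checked": len(expected),
        "missing": missing,
        "modified": modified,
        "unexpected": unexpected,
    }


def demo() -> tuple[dict, dict]:
    """Constructed sample data: a clean drill, then the drill after the archive is altered."""
    with tempfile.TemporaryDirectory() as work:
        work_path = Path(work)
        source = work_path / "live"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("date,amount\n2026-01-20,100\n")
        (source / "readme.txt").write_text("constructed sample data\n")
        backups = work_path / "backups"
        backups.mkdir()
        archive, manifest = create_backup(source, backups)
        clean = restore_drill(archive, manifest)
        # Simulate ransomware reaching an online, non-immutable backup: the archive is
        # rewritten with one file changed, while the separately stored manifest is not.
        (source / "finance" / "ledger.csv").write_text("ENCRYPTED\n")
        with tarfile.open(archive, "w") as tar:
            for rel in json.loads(manifest.read_text()):
                tar.add(str(source / rel), arcname=rel)
        tampered = restore_drill(archive, manifest)
    return clean, tampered


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The second drill in `demo()` is the case that matters: a backup that is still reachable from the live network can be silently corrupted, and only a restore test against an independently held manifest reveals it. Run the drill on a schedule against the real archive and treat any report with `ok` false as an incident, not a warning.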


3. Recover - Bounce Back Fast

How quickly can you restore operations?

  • Have tested recovery procedures
  • Assign clear roles
  • Prepare comms templates
  • Know who to call for help


Imagine it’s 9 am on a Monday and your systems are locked. What’s your first move? Who makes the call? How do you keep customers informed? If you can’t answer that, you need a plan.


4. Adapt – Learn and Improve

  • Review every incident
  • Update plans for new threats
  • Hold regular “what did we learn?” sessions

After any incident, even a close call, sit down within a week and ask what worked, what didn’t, and what needs fixing.

The Resilience Gap

We recently audited a professional services firm. They had decent cybersecurity: firewalls, patching, awareness training.


But when we asked what would happen if ransomware hit that night, the room went quiet.


Their backups were online and never tested; there were no recovery priorities and no comms plan.


They had cybersecurity. They didn’t have resilience.


Fewer than 10% of UK organisations feel confident managing supply chain risks, and even fewer feel resilient themselves.

Quick Resilience Health Check

Grab a coffee and tick what’s true for you:


Anticipate

☐ We know which systems are critical

☐ We monitor threats

☐ We assess our cyber risks

Withstand

☐ We have offline, immutable, and tested backups

☐ Our network is segmented

☐ We have redundancy for critical systems

Recover

☐ We have a tested incident plan

☐ Everyone knows their role

☐ We can communicate during an outage

Adapt

☐ We review incidents and update plans

☐ We run regular resilience exercises

Fewer than 8 ticks? You’ve got work to do, and you’re not alone.

The 90-Day Resilience Roadmap

You don’t need perfection, just progress.

Month 1: Understand - Map your critical systems and risks.

Month 2: Prepare - Set up offline and immutable backups, write an incident plan, identify who to call.

Month 3: Test - Run a tabletop exercise, test restores, refine your plan.

The Bottom Line

Cyber resilience isn’t about being breach-proof. It’s about being ready.


Outcomes speak:

  • KNP → No plan → Closed, 700 jobs lost.
  • M&S → Limited resilience → 46 days offline and £300m cost.
  • JLR → Some resilience → Recovered with support.

The survivors aren’t the ones that never get hit; they’re the ones that recover, learn, and come back stronger.


It’s not rocket science; it’s just smart business continuity, tuned for cyber threats.


Three things to remember:

  1. Breaches will happen so plan to survive them.
  2. Resilience means anticipating, withstanding, recovering, and adapting.
  3. Start small: know your key systems, test backups (including immutable ones) and have a plan.

Want Help Building Your Resilience?

At KH InfoSec, we help SMEs turn good cybersecurity into real cyber resilience.


Our Fractional CISO service gives you the expertise of a security leader (without the full-time salary or complexity).


Here’s what that looks like in practice:

  • We help you identify your critical systems and biggest risks.
  • We design continuity and incident response plans that actually work.
  • We implement and test immutable backups so you always have a clean recovery point.
  • We build a culture of continuous improvement and learning.


If you’re unsure where to start, let’s have an honest conversation about where you are now and what will make the biggest difference.


Message us or visit KHInfoSec.com to book a short discovery call.


Because the real question isn’t “will we get hit?” It’s “will we survive it?”
