Cyber Resilience: A boardroom priority, not an IT problem

  • In an age of escalating digital threats, cyber resilience has long since become the responsibility of the boardroom, not of IT. Technology leaders must embed it into every aspect of business strategy to protect operations, customers, and the competitive edge. John Molloy, General Manager, Northern Ireland at Ergo, discusses the importance of cyber resilience and why it isn’t just about being protected: it’s about continuity, governance, and a duty of care when it comes to data.

    A New Reality

    In a whitepaper produced by the World Economic Forum in collaboration with Oxford University, cyber resilience is described as ‘an organisation’s ability to minimise the impact of significant cyber incidents on its primary goals and objectives.’

    Now, in 2025, the line between digital infrastructure and core business operations has all but disappeared. As cyber threats grow in scale, sophistication and frequency, being cyber-resilience literate is a fundamental business imperative.

    Just as traditional business resilience strategies aimed to ensure continuity amid economic shocks or supply chain disruptions, cyber resilience now underpins an organisation’s ability to survive and thrive in a landscape where digital risk is constant. The cyber-attack on Marks & Spencer earlier this year is a very real and recent example that brought to light the importance of businesses being protected, and how an attack can impact critical infrastructure, even that of a global company.

    The attack took place over the Easter weekend, initially affecting click-and-collect and contactless payments. A few days later M&S put a banner on its website apologising that online ordering was not available.

    This attack is expected to cost the company £300 million in lost operating profit, a significant portion of its overall earnings.

    This example, along with many others, continues to highlight how cyber resilience must now be a core priority and not just a compliance checkbox.

    Why Cybersecurity Alone isn’t Enough

    It’s important to distinguish between cybersecurity (prevention) and cyber resilience (ability to withstand and recover).

    Cyber resilience is about building systems, cultures, and leadership approaches that anticipate disruption, respond in real-time, and recover quickly with minimal damage. It means designing business models that can flex under pressure, not just from physical threats, but from digital ones that are often invisible until it’s too late.

    For boardrooms, this requires a mindset shift. Cyber resilience must be part of corporate governance and risk management, not relegated to the CISO’s to-do list.

    Even well-prepared and well-defended companies will suffer breaches; resilience is about business continuity. Your business’s resilience to a cyberattack today may determine your relevance in the market tomorrow.

    Cyber Resilience as a Strategic Imperative

    Cyber resilience is not just about fear and defence – it’s also about opportunity. Resilience aligns with broader business priorities: customer trust, operational continuity, and investor confidence.

    The regulatory environment (e.g. NIS2, DORA, GDPR) is constantly evolving and being updated, and its complications evolve with it. In a competitive landscape where reliability is currency, resilience becomes a strategic differentiator and an opportunity for competitive advantage, not just a risk-mitigation exercise.

    There are very real repercussions for companies that suffer from a cyber-attack. The impact can be vast and can include being unable to fulfil orders, and customers who don’t trust your business anymore.

    There are very real commercial consequences to breaches, from halted operations and lost revenue to long-term brand erosion. The cost of unpreparedness far outweighs the investment in building a robust cyber resilience framework.

    Time For Change

    Almost three-quarters of Irish businesses reported an increase in cyberattacks in the past year, according to the Hiscox Cyber Readiness Report. Building on this, almost half of the businesses surveyed said they had suffered from reputational damage due to the loss of sensitive information following a cyberattack.

    In short, the digital era has redrawn the map of business risk, and from here on out, cyber risk must be embedded into enterprise risk management.

    Moreover, it’s not just the responsibility of the IT team; leadership and boards must take a more hands-on approach, and cross-functional incident response teams must be built.

    Those who fail to adapt will face disruptions they cannot afford. The businesses that succeed in the next decade will be those that embed cyber resilience into their culture, strategy, and leadership mindset.