The Cyber Resilience Compass 2025

Page 19 of 26 · WEF_The_Cyber_Resilience_Compass_2025.pdf

Most of the experts consulted have crisis plans and playbooks in place, and most regularly conduct exercises, though it can be hard to effectively engage external third-party suppliers and ensure that all potential scenarios are considered. When major incidents affect multiple organizations simultaneously, ensuring quick access to the right sources of external expertise can be challenging. Alternative communication channels during a crisis are needed, and sometimes these arrangements are ad hoc. Keeping a clear record of decisions made and the information supporting these decisions is important, too. Crises provide opportunities for organizations to learn, but often organizations learn only from incidents that have negatively affected them, whereas there are also valuable insights in successfully managed incidents.

“As digitalization accelerates and cyberthreats grow, we recognized the need to integrate IT/OT expertise into our emergency and crisis response. We have invested heavily in building robust plans, training cross-functional teams and preparing our organization to handle both traditional and cyber-driven crises.”
Sigmund Kristiansen, Chief Cyber Security Officer, AkerBP

CASE STUDY 11
Henkel – Rethinking IT resilience: Building recovery from ransomware

Traditional IT service continuity plans – which are built around the assumption of physical threats such as natural disasters – often fail to adequately address the unique nature of modern cyberattacks, especially ransomware. Ransomware attacks do not just disrupt infrastructure in the same way as physical events; instead, they target primary and failover systems alike. Recognizing the growing threat of ransomware and the need for strong cyber resiliency, Henkel, a leading global company in adhesive technologies and consumer goods, took a proactive approach.

To ensure rapid recovery and minimize downtime, the company undertook a comprehensive review of its IT architecture and continuity strategies, identifying several key initiatives:

– Green network for rapid recovery: An isolated “green network” across global sites and cloud infrastructure enabling the immediate recovery of operations independent of ongoing forensic investigations, ensuring the swift restoration of critical services.
– Prioritized recovery with immutable back-ups: Clear recovery priorities for business-critical workloads, alongside a robust back-up strategy that uses immutable back-ups to protect against data tampering.
– Enhanced end-user device recovery: Site-specific procedures for the rapid reimaging of end-user devices at scale (restoring or reinstalling an operating system and software to a known, secure state), reducing recovery times and minimizing disruptions.

By addressing the specific challenges posed by ransomware, Henkel is significantly strengthening its cyber resilience. The new approach has enabled faster recovery, empowering the company to better withstand cyberthreats.

The Cyber Resilience Compass: Journeys Towards Resilience 19