The Cyber Resilience Compass 2025

Conclusion and next steps Cyber resilience is no longer optional; it has become a fundamental requirement for organizations in an increasingly digital and interconnected world. As it is becoming impossible to prevent all cyber incidents, it is essential to shift the focus from prevention to a cyber resilience mindset – minimizing incidents’ potential impact on critical objectives, stakeholder confidence and long-term growth. There is no one-size-fits-all solution to cyber resilience, as each organization’s approach must be tailored to its specific context and goals. However, by sharing knowledge and learning from front-line experiences, organizations can make well-informed decisions when building their cyber resilience strategies. The Cyber Resilience Compass, showcasing front-line practices in seven categories, seeks to provide the valuable insights that can help organizations develop and refine their cyber resilience journey. Looking ahead, more work is needed to move from individual success stories to a scaled, structured approach to resilience. The aim is for the Cyber Resilience Compass to become a vehicle for the exchange of front-line experiences and insights – a dynamic tool that serves as a reference for cyber leaders to enhance their cyber resilience strategies. Building on the leading insights in this report will help organizations transition to a more consistent, measurable and future-ready approach to cyber resilience. Please access additional insights and contribute to the Cyber Resilience Compass here.Using the Cyber Resilience Compass to share front-line cyber resilience strategies that work will help organizations ready themselves for ever-changing future challenges. Methodology This paper is anchored in the thematic analysis of five virtual community workshops, two in-person expert community workshops, five smaller virtual working groups and 39 semi-structured one-on- one consultations, which took place between May 2024 and March 2025. A total of 102 experts from 84 different organizations participated in the discussions and consultations. While most participants held positions specifically overseeing cybersecurity – such as CISOs and chief technology officers (CTOs) – a diverse array of profiles participated, including chief executive officers and consultants. The representation included 18 different industry sectors and participants from North America, South America, Europe, Africa, Asia and Oceania. The Cyber Resilience Compass: Journeys Towards Resilience 22