
Cybersecurity Testing Can Ensure Cyber Resilience—Here's How to Do It
Too many businesses are dangerously overestimating their cyber resilience.
Any business that has an online presence is vulnerable to a cyberattack. Most vulnerabilities are due to legacy or unpatched systems that still power core operations, exposing critical entry points. However, the biggest weakness isn't always technical; it can lie in a company's perception.
Too many businesses are dangerously overestimating their cyber resilience because they see investments in digital tools and services as an all-in-one solution. This false sense of protection can create a blind spot, leading to significant financial losses and reputational harm if left unresolved.
Here is why this happens and how businesses can accurately test and strengthen their security posture.
Disconnect Between Confidence and Actual Cybersecurity Readiness
Cyberattacks have become more prevalent in recent years, with healthcare, finance, and manufacturing the most targeted industries due to their valuable data and the ways this information can be exploited. In fact, nearly six in 10 companies had to protect themselves from ransomware incidents.
Despite these sobering numbers, Bain & Company revealed that 43% of industry leaders believe they're following the best cybersecurity practices, yet only 24% of those actually met the standards. This complacency creates a gap between perceived and actual readiness, leaving firms vulnerable to ransomware, data loss, and extended business downtime.
What causes this disconnect between confidence and actual cybersecurity readiness? It can stem from various factors, which may be technical, organizational, or psychological. Here are some of the most common reasons:
5 Warning Signs a Company Is Overestimating Its Cybersecurity Posture
Knowing the red flags can help businesses identify whether they're among the overconfident majority. Here are five common indicators:
If an organization has never performed a breach and attack simulation (BAS) or red team exercise, it's likely operating in the dark. These simulations expose real-world weaknesses that standard security reviews often miss.
Security posture assessments should occur regularly, especially as business environments, tools, and threats evolve. Relying on annual reviews or outdated risk models is a strong sign of overconfidence. It is generally recommended to evaluate risk annually, but some companies benefit from quarterly or even monthly reviews.
Mistaking regulatory compliance for comprehensive protection is common, but misleading. Compliance provides a baseline, not a guarantee that a business will survive an attack.
Assessing a company's resilience must include evaluating its risk exposure. Micro, small, and medium enterprises (MSMEs) can take a critical hit from a cyberattack. If a recovery plan hasn't been tested under stress, it's unlikely to hold up in a real-world scenario with much higher stakes.
True cyber resilience is cross-functional, not only the responsibility of the IT team. If executive leaders, finance, operations, and legal teams aren't involved in incident response planning, the organization may not be as prepared as it thinks. With 95% of data breaches tied to human error, any employee can jeopardize the company.
How to Perform Cybersecurity Testing to Evaluate Cyber Resilience
Organizations must conduct realistic and data-driven inspections of their current readiness to bridge the gap between confidence and actual capability.
A good starting point is a comprehensive security posture assessment (SPA). It probes the technical controls a business has set up, including firewalls, EDR configurations, and access management policies. It also considers employee behavior, such as susceptibility to phishing or unsafe browsing habits on company computers. SPAs help identify gaps in policy enforcement and recovery preparedness.
Running BAS tools helps businesses examine how well their systems can survive the latest adversarial tactics by emulating them. These technologies run thousands of real-world tactics, techniques, and procedures mapped to the MITRE ATT&CK framework to highlight where current defenses fail before a threat actor exploits them.
Organizations must also track and benchmark key performance indicators, such as the mean time to detect (MTTD) and the mean time to respond (MTTR). If it takes a team days to detect an intrusion versus the industry standard of hours for well-prepared corporations, they may not know how to react in real time.
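One way to compute these two indicators from an incident log, shown as an added example that is not part of the original article. The incident records, field names, and the 4-hour and 24-hour targets are constructed assumptions; it also reports the worst detection time, because a mean can hide a single multi-day miss.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incidents (not real data). "started" is the earliest
# evidence of intrusion, "detected" the first triaged alert, "resolved" the
# end of containment/recovery. None means that stage has not been reached.
INCIDENTS = [
    {"id": "INC-1", "started": "2025-03-01T02:00",
     "detected": "2025-03-01T05:00", "resolved": "2025-03-01T11:00"},
    {"id": "INC-2", "started": "2025-03-10T08:00",
     "detected": "2025-03-12T08:00", "resolved": "2025-03-13T08:00"},
    {"id": "INC-3", "started": "2025-03-20T00:00",
     "detected": "2025-03-20T01:00", "resolved": None},
]


def hours_between(start, end):
    """Elapsed hours between two ISO 8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def response_metrics(incidents, mttd_target_h=4.0, mttr_target_h=24.0):
    """Return MTTD and MTTR in hours plus the incidents that miss the targets.

    The targets are illustrative assumptions, not figures from the article.
    Incidents still open are excluded from MTTR and listed separately.
    """
    detect = {i["id"]: hours_between(i["started"], i["detected"])
              for i in incidents if i["detected"]}
    respond = {i["id"]: hours_between(i["detected"], i["resolved"])
               for i in incidents if i["detected"] and i["resolved"]}
    return {
        "mttd_h": mean(detect.values()) if detect else None,
        "mttr_h": mean(respond.values()) if respond else None,
        "worst_detect_h": max(detect.values()) if detect else None,
        "slow_detect": sorted(k for k, v in detect.items() if v > mttd_target_h),
        "slow_respond": sorted(k for k, v in respond.items() if v > mttr_target_h),
        "open": sorted(i["id"] for i in incidents if not i["resolved"]),
    }


if __name__ == "__main__":
    for name, value in response_metrics(INCIDENTS).items():
        print(f"{name}: {value}")
```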
Simulate attack scenarios involving all departments, from the C-suite to front-line responders, to ensure everyone understands their role in a crisis. These exercises reveal critical coordination gaps that technical testing alone cannot.
For example, who notifies law enforcement if a ransomware attack encrypts customer data and demands payment within 24 hours? Who speaks to the media? Does the legal team know if ransom payment is allowed under local laws? These exercises expose coordination gaps and practice decision-making under pressure.
Validating backup and recovery systems under real conditions is nonnegotiable. Many firms skip stress testing continuity plans, assuming backup systems will work. In reality, backups can be encrypted by the same ransomware if not properly segmented.
Routinely run live restoration drills from cold storage, cloud snapshots, and isolated backup networks. Check if the customer database can be fully restored within a 24-hour recovery time after simulated data corruption. If it takes longer or fails outright, the business continuity plan needs revision now, not after a breach.
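A restoration drill only proves something if the restored data is checked against what was backed up. The added example below (not from the original article) compares a restored directory with a SHA-256 manifest recorded at backup time and applies the 24-hour recovery time mentioned above; the file names, function names, and the `rto_hours` parameter are hypothetical.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large database dumps do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    manifest = {}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            manifest[os.path.relpath(path, root)] = sha256_file(path)
    return manifest


def verify_restore(manifest, restored_root, started, finished, rto_hours=24):
    """Check a restored tree against the backup-time manifest and the RTO.

    started/finished are epoch seconds recorded by whoever runs the drill.
    """
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(p for p in manifest
                     if p in restored and restored[p] != manifest[p])
    elapsed_h = (finished - started) / 3600
    passed = not missing and not corrupt and elapsed_h <= rto_hours
    return {"missing": missing, "corrupt": corrupt,
            "elapsed_h": elapsed_h, "passed": passed}


def demo():
    """Constructed drill: one file intact, one truncated, one never restored."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        originals = {"customers.db": b"rows", "orders.db": b"orders", "audit.log": b"log"}
        for name, data in originals.items():
            with open(os.path.join(src, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(src)  # recorded when the backup was taken
        with open(os.path.join(dst, "customers.db"), "wb") as f:
            f.write(b"rows")
        with open(os.path.join(dst, "orders.db"), "wb") as f:
            f.write(b"ord")  # simulated truncated restore
        return verify_restore(manifest, dst, started=0, finished=6 * 3600)
```

Store the manifest separately from the backups it describes, so that whatever corrupts or encrypts the backup cannot also rewrite the expected hashes.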
Strengthen Cyber Resilience Before It's Too Late
Once the gaps are identified, businesses must act quickly and decisively to reinforce their defenses. Here's how:
Company Confidence Is Not Risk Resilience
The harsh truth is that if organizations haven't rigorously tested their defenses in the past six months, their cyber resilience is likely far below what company leaders assume. Overconfidence can be more damaging than being underprepared, because it prevents businesses from taking action to protect themselves.
Business leaders should not wait for a breach to be a wake-up call. By honestly assessing security posture, testing rigorously, and acting proactively, companies can replace misplaced confidence with genuine resilience.