THE article argues that cyber resilience should be the backbone of business continuity, linking security, continuity and risk management around what the business cannot afford to lose. It cites the ISF Standard of Good Practice 2026 as a framework that asks organisations to connect continuity with governance, information risk, system resilience, security incident management and testing.
It emphasises that continuity starts with governance, with decision rights, escalation paths and recovery priorities forming the foundation for how an organisation responds to incidents. The piece introduces the concept of a minimum viable business, identifying critical processes, information assets, people, suppliers and infrastructure that must remain operational despite disruptions.
It also stresses that resilience encompasses supplier and cloud dependencies, and that these third parties should be integrated into continuity planning. Finally, it highlights that resilience is validated through testing realistic scenarios to ensure coordination across departments and timely recovery. Written by Steve Durbin of the Information Security Forum, the article frames cyber resilience and risk management as central to continuity planning.