Too Long; Didn't Read
Every company and organization remains highly vulnerable to sophisticated cyber-attacks from hostile nation-state-backed actors, criminal and terrorist groups, and rogue individuals. NIST SP800–160 volume 2, "Developing Cyber Resilient Systems — A Systems Security Engineering Approach" The main difference between them is the focus of the response. Cybersecurity is still on preventive controls. Cyber Resiliency is different from security defense. It is about knowing bad things will happen. The question is not about if but when. The scope of protection would be more than the "Crown Jewels"