You can’t stop every attack — but you can control how you recover, Andrey Leskin, CTO of Qrator Labs explains. You can’t stop every attack — but you can control how you recover, Andrey Leskin, CTO of Qrator Labs explains. Cyberattacks on businesses continue to grow in frequency, complexity, and cost. It’s difficult to pin down the global impact of cyber threats — estimates vary widely, with some reaching implausible figures like $10 trillion a year. But let’s look at hard data: according to IBM’s Cost of a Data Breach Report 2024, the global average cost of a data breach rose by 10% year-over-year, reaching $4.88 million. Cost of a Data Breach Report 2024 The largest ransomware case of 2024 — the attack on UnitedHealth Group — resulted in over $3 billion in total damages, as reported in the company’s 2024 financial statement. Meanwhile, Qrator Labs’ 2024 report shows a 53% year-over-year surge in DDoS attacks, with the largest identified botnet being 67% bigger than the previous year’s record. 2024 financial statement 53% year-over-year surge in DDoS attacks The root causes haven’t changed much — relentless digitalization, growing automation, and now the latest ingredient: AI-powered threats. But the volume and sophistication of attacks have reached a point where prevention alone no longer cuts it. Let’s face it: stopping every attack is impossible. It’s time to shift focus to building true cyber resilience. Beyond prevention: what cyber resilience actually looks like Beyond prevention: what cyber resilience actually looks like A prevention mindset is about keeping attackers out. A resilience mindset goes further — it assumes they’ll eventually get in. That doesn’t mean abandoning defenses. It means accepting that sooner or later the perimeter will be breached — and preparing for that moment in advance. Resilience is about designing systems and processes that allow the business to keep operating, even during an active incident. In other words, a resilient organization can take the hit — with no downtime, no data loss, no reputational fallout, and no disruption to customers or partners. Ultimately, it’s about impact control, rapid recovery, and maintaining continuity. A shift in strategy: building resilience from the ground up A shift in strategy: building resilience from the ground up While cyber resilience starts with a mindset, it must be backed by a comprehensive strategy. Let’s consider four pillars to shape your framework. First, maintain an up-to-date incident response plan that clearly outlines roles, actions, and escalation paths. Test it regularly through drills to ensure everyone knows what to do when an attack hits. Second, train your people. Human error remains a major risk: some estimations, including recent research by Mimecast, suggest it’s responsible for up to 95% of all data breaches. Ongoing security awareness training — especially for high-risk roles — builds a culture of vigilance and significantly reduces the chance of a costly mistake. recent research by Mimecast Third, make cybersecurity a business priority. Aligning security with broader companies’ objectives, such as maintaining business continuity and protecting customer trust, ensures buy-in across the organization, improves response times, and reinforces long-term resilience. Finally, the fourth pillar is having the right technology to support your strategy. From detecting threats to training your team, the tools you implement will directly impact how effectively your organization can withstand and recover from cyber incidents. Making resilience real: tools that help you prepare and respond Making resilience real: tools that help you prepare and respond To implement the resilience strategy, you need the right tools. While the specific set will depend on your organization’s needs, there are essentials that will help you build a solid foundation and guide your next steps. Attack surface management (ASM) tools provide constant visibility into exposed assets — including cloud services and shadow IT — so that teams can fix vulnerabilities before attackers find them. Meanwhile, user and entity behavior analytics (UEBA) tools detect anomalies that humans might miss, such as unusual login patterns, access to sensitive files outside of normal workflows, or sudden spikes in data transfers. Security orchestration, automation, and response (SOAR) platforms streamline incident handling by automating detection and response workflows. For training and preparedness, cyberattack simulation environments recreate real-world threat scenarios, giving security teams hands-on experience in detecting and responding to active attacks. Threat intelligence platforms (TIP) help teams stay ahead of emerging threats by aggregating and analyzing real-time data — such as indicators of compromise, attack patterns, and threat actor activity collected from dark web forums, malware feeds, and open sources. The AI dilemma: more tools for attackers, more challenges for defenders The AI dilemma: more tools for attackers, more challenges for defenders AI has already become a force multiplier for cybercriminals. They don’t use it to directly break into systems — at least not yet — but it already helps them streamline tasks like writing malicious code or generating phishing content. In short, AI makes their job easier. Defenders, meanwhile, face a much tougher path. Despite the growing number of AI-based cybersecurity tools on the market, most share the same three drawbacks: they’re hard to deploy, extremely difficult to configure, and expensive to operate. As a result, many organizations struggle to justify the investment or demonstrate real, measurable impact. For those seriously considering AI-powered security, it’s best to rely on proven case studies from large companies that have already implemented such tools. This can help estimate the cost, complexity, and actual value these solutions might deliver. Resilience isn’t optional anymore Resilience isn’t optional anymore Cyber threats are here to stay — and attackers are getting more capable than ever. You can’t predict every breach, but you can control how quickly you detect it and what happens next. By shifting from a purely preventive posture to a resilience-first mindset, business leaders can minimize disruption, protect their reputation, and maintain trust. At the end of the day, this shift isn’t just smart or pragmatic — it’s the only sustainable way to stay ahead of what’s coming.
