Cybersecurity Testing Can Ensure Cyber Resilience—Here's How to Do It

Forbes, 24-07-2025
By Zach Amos
Too many businesses are dangerously overestimating their cyber resilience.
Any business that has an online presence is vulnerable to a cyberattack. Most vulnerabilities are due to legacy or unpatched systems that still power core operations, exposing critical entry points. However, the biggest weakness isn't always technical; sometimes it lies in a company's own perception of its security.
Too many businesses are dangerously overestimating their cyber resilience because they see investments in digital tools and services as an all-in-one solution. This false sense of protection can create a blind spot, leading to significant financial losses and reputational harm if left unresolved.
Here is why this happens and how businesses can accurately test and strengthen their security posture.
Disconnect Between Confidence and Actual Cybersecurity Readiness
Cyberattacks have become more prevalent in recent years, with healthcare, finance, and manufacturing the most targeted industries due to their valuable data and the ways this information can be exploited. In fact, nearly six in 10 companies had to protect themselves from ransomware incidents.
Despite these sobering numbers, Bain & Company revealed that 43% of industry leaders believe they're following the best cybersecurity practices, yet only 24% of those actually met the standards. This complacency creates a gap between perceived and actual readiness, leaving firms vulnerable to ransomware, data loss, and extended business downtime.
What causes this disconnect between confidence and actual cybersecurity readiness? It can stem from various factors, which may be technical, organizational, or psychological. Here are some of the most common reasons:
5 Warning Signs a Company Is Overestimating Its Cybersecurity Posture
Knowing the red flags can help businesses identify whether they're among the overconfident majority. Here are five common indicators:
If an organization has never performed a breach and attack simulation (BAS) or red team exercise, it's likely operating in the dark. These simulations expose real-world weaknesses that standard security reviews often miss.
Security posture assessments should occur regularly, especially as business environments, tools, and threats evolve. Relying on annual reviews or outdated risk models is a strong sign of overconfidence. It is generally recommended to evaluate risk annually, but some companies benefit from quarterly or even monthly reviews.
Mistaking regulatory compliance for comprehensive protection is common, but misleading. Compliance provides a baseline, not a guarantee that a business will survive an attack.
Assessing a company's resilience must include evaluating its risk exposure. Micro, small, and medium enterprises (MSMEs) can take a critical hit from a cyberattack. If a recovery plan hasn't been tested under stress, it's unlikely to hold up in a real-world scenario with much higher stakes.
True cyber resilience is cross-functional, not only the responsibility of the IT team. If executive leaders, finance, operations, and legal teams aren't involved in incident response planning, the organization may not be as prepared as it thinks. With 95% of data breaches tied to human error, any employee can jeopardize the company.
How to Perform Cybersecurity Testing to Evaluate Cyber Resilience
Organizations must conduct realistic and data-driven inspections of their current readiness to bridge the gap between confidence and actual capability.
A good starting point is a comprehensive security posture assessment (SPA). It probes into the technical controls a business has set up, including firewalls, EDR configurations, and access management policies. It also considers employees' user behavior, such as their susceptibility to phishing or unsafe browsing habits on company computers. SPAs help identify gaps in policy enforcement and recovery preparedness.
Running BAS tools helps businesses examine how well their systems can survive the latest adversarial tactics by emulating them. These technologies run thousands of real-world tactics, techniques, and procedures mapped to the MITRE ATT&CK framework to highlight where current defenses fail before a threat actor exploits them.
Organizations must also track and benchmark key performance indicators, such as the mean time to detect (MTTD) and the mean time to respond (MTTR). If it takes a team days to detect an intrusion, versus the industry standard of hours for well-prepared corporations, it may not know how to react in real time.
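The MTTD and MTTR tracking described above can be computed directly from incident timelines. The following is an added example, not part of the original article; the record fields, the sample incidents, and the 24-hour detection target are assumptions made for illustration.

```python
from datetime import datetime
from statistics import mean, median

# Constructed sample records (not real incidents). "occurred" is the earliest
# evidence of intrusion, "detected" the first triaged alert, "responded" the
# point of containment (None while the incident is still open).
INCIDENTS = [
    {"id": "INC-1", "occurred": "2025-03-01T02:00", "detected": "2025-03-01T05:00", "responded": "2025-03-01T17:00"},
    {"id": "INC-2", "occurred": "2025-04-10T09:00", "detected": "2025-04-13T09:00", "responded": "2025-04-14T09:00"},
    {"id": "INC-3", "occurred": "2025-05-20T12:00", "detected": "2025-05-20T13:00", "responded": None},
    {"id": "INC-4", "occurred": "2025-06-02T08:00", "detected": "2025-06-02T07:00", "responded": "2025-06-02T10:00"},
]

def _hours(start, end):
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def response_metrics(incidents, detect_target_h=24.0):
    """Return MTTD/MTTR in hours plus the incidents that need attention.

    detect_target_h is an assumed internal target, not an industry figure.
    """
    ttd, ttr, slow, still_open, rejected = [], [], [], [], []
    for inc in incidents:
        detect_h = _hours(inc["occurred"], inc["detected"])
        respond_h = None
        if inc["responded"] is not None:
            respond_h = _hours(inc["detected"], inc["responded"])
        # Timestamps that run backwards are a record-keeping error; averaging
        # them would make the metrics look better than they are.
        if detect_h < 0 or (respond_h is not None and respond_h < 0):
            rejected.append(inc["id"])
            continue
        ttd.append(detect_h)
        if detect_h > detect_target_h:
            slow.append(inc["id"])
        if respond_h is None:
            still_open.append(inc["id"])  # no response time to average yet
        else:
            ttr.append(respond_h)
    return {
        "mttd_h": round(mean(ttd), 2) if ttd else None,
        "median_ttd_h": median(ttd) if ttd else None,
        "mttr_h": round(mean(ttr), 2) if ttr else None,
        "slow_detection": slow,
        "open": still_open,
        "rejected": rejected,
    }

if __name__ == "__main__":
    for key, value in response_metrics(INCIDENTS).items():
        print(f"{key}: {value}")
```

In the sample data a single three-day detection pulls the mean to about 25 hours while the median is 3 hours, which is why the slow incidents are listed individually instead of relying on the average alone.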
Simulate attack scenarios involving all departments, from the C-suite to front-line responders, to ensure everyone understands their role in a crisis. These exercises reveal critical coordination gaps that technical testing alone cannot.
For example, who notifies law enforcement if a ransomware attack encrypts customer data and demands payment within 24 hours? Who speaks to the media? Does the legal team know if ransom payment is allowed under local laws? These exercises expose coordination gaps and practice decision-making under pressure.
Validating backup and recovery systems under real conditions is nonnegotiable. Many firms skip stress testing continuity plans, assuming backup systems will work. In reality, backups can be encrypted by the same ransomware if not properly segmented.
Routinely run live restoration drills from cold storage, cloud snapshots, and isolated backup networks. Check if the customer database can be fully restored within a 24-hour recovery time after simulated data corruption. If it takes longer or fails outright, the business continuity plan needs revision now, not after a breach.
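A restoration drill only proves something if the restored data is checked and the elapsed time is measured against the recovery target. The following added example (not from the original article) evaluates a drill against a hash manifest recorded at backup time and the 24-hour recovery time mentioned above; the file names, contents, and timings are constructed.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def evaluate_drill(expected, restored_root, started, finished, rto=timedelta(hours=24)):
    """Compare restored files with the backup-time manifest and check the RTO."""
    actual = manifest(restored_root)
    missing = sorted(set(expected) - set(actual))
    corrupted = sorted(p for p in expected if p in actual and actual[p] != expected[p])
    elapsed = finished - started
    return {
        "missing": missing,
        "corrupted": corrupted,
        "elapsed_hours": elapsed.total_seconds() / 3600,
        "rto_met": elapsed <= rto,
        "passed": not missing and not corrupted and elapsed <= rto,
    }

def demo():
    """Constructed drill: one file restores intact, one is truncated, and the
    restore takes 26 hours against a 24-hour target."""
    with tempfile.TemporaryDirectory() as source, tempfile.TemporaryDirectory() as restored:
        for name, data in {"customers.db": b"rows-v1", "orders.db": b"orders-v1"}.items():
            with open(os.path.join(source, name), "wb") as fh:
                fh.write(data)
        expected = manifest(source)  # would be stored apart from the backup itself
        with open(os.path.join(restored, "customers.db"), "wb") as fh:
            fh.write(b"rows-v1")
        with open(os.path.join(restored, "orders.db"), "wb") as fh:
            fh.write(b"orders")  # simulated partial restore
        start = datetime(2025, 1, 1, 8, 0)
        return evaluate_drill(expected, restored, start, start + timedelta(hours=26))

if __name__ == "__main__":
    print(demo())
```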
Strengthen Cyber Resilience Before It's Too Late
Once the gaps are identified, businesses must act quickly and decisively to reinforce their defenses. Here's how:
Company Confidence Is Not Risk Resilience
The harsh truth is that if organizations haven't rigorously tested their defenses in the past six months, their cyber resilience is likely far below what company leaders assume. Overconfidence can be more damaging than being underprepared, because it prevents businesses from taking action to protect themselves.
Business leaders should not wait for a breach to be a wake-up call. By honestly assessing security posture, testing rigorously, and acting proactively, companies can replace misplaced confidence with genuine resilience.