The superpower that no one sees 

With cyberattacks now the norm, companies have yet another challenge to deal with. The ‘superpower’ they need here is resilience – in cybersecurity and other parts of their business.

1 December 2025, Text: Andreas Heer, Image: Swiss Cyber Storm, 4 min

Imagine your business is judged not only by how impenetrable its walls are, but also by how quickly it can get back on its feet after a cyberattack. This ability – resilience – is the hidden superpower of cybersecurity. While often underestimated, it is crucial when cyber incidents occur or new vulnerabilities are discovered – such as those in Log4j and xz. The 2025 Swiss Cyber Storm cybersecurity conference showed that organisations that think strategically about resilience can remain effective even in turbulent times.

What is resilience in a cybersecurity context?

Resilience is more than just defence. It is the ability to not only prevent attacks, but also survive them and emerge stronger. For companies of all sizes, this means that resilience is not a state – it is a continuous process involving technology, organisation and people. It requires us to be able to prepare for the unexpected and to react flexibly.


Technical resilience: M365 incident response

Swisscom’s B2B CSIRT has developed an incident response framework for Microsoft 365. It uses rules to uncover attacker activity and helps companies to define measures to stop attacks. For example, the framework detects ‘impossible travel’ (logins from different regions within a short period of time), MFA devices newly registered by attackers, and mass downloads used to exfiltrate business data.
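
The three detections named above, sketched as an added example. This is not Swisscom's framework; the event tuples, action names and thresholds are assumptions and do not follow the Microsoft 365 audit log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed events: (time, user, action, lat, lon). Action names are hypothetical.
EVENTS = [
    ("2025-11-03T08:00:00", "alice", "login", 47.37, 8.54),             # Zurich
    ("2025-11-03T08:40:00", "alice", "login", 1.35, 103.82),            # Singapore
    ("2025-11-03T08:45:00", "alice", "mfa_device_added", 1.35, 103.82),
    ("2025-11-03T09:00:00", "bob", "login", 46.95, 7.45),               # Bern
    ("2025-11-03T11:00:00", "bob", "login", 47.37, 8.54),               # Zurich
    ("2025-11-03T11:30:00", "bob", "mfa_device_added", 47.37, 8.54),
] + [(f"2025-11-03T08:50:{s:02d}", "alice", "file_download", 1.35, 103.82)
     for s in range(0, 60, 2)]  # 30 downloads within one minute


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in km."""
    p1, p2, dlat, dlon = map(radians, (lat1, lat2, lat2 - lat1, lon2 - lon1))
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def detect(events, max_kmh=900, mfa_window=timedelta(hours=1),
           dl_limit=20, dl_window=timedelta(minutes=5)):
    """Return (time, user, rule) findings in chronological order."""
    last_login, suspect_since, downloads, findings = {}, {}, defaultdict(deque), []
    for ts, user, action, lat, lon in sorted(events):
        t = datetime.fromisoformat(ts)
        if action == "login":
            if user in last_login:
                t0, lat0, lon0 = last_login[user]
                hours = max((t - t0).total_seconds(), 1) / 3600  # avoid division by zero
                if km_between(lat0, lon0, lat, lon) / hours > max_kmh:
                    findings.append((ts, user, "impossible_travel"))
                    suspect_since[user] = t
            last_login[user] = (t, lat, lon)
        elif action == "mfa_device_added":
            # Escalate only registrations that closely follow a suspicious sign-in.
            if user in suspect_since and t - suspect_since[user] <= mfa_window:
                findings.append((ts, user, "mfa_added_after_suspicious_login"))
        elif action == "file_download":
            recent = downloads[user]
            recent.append(t)
            while t - recent[0] > dl_window:
                recent.popleft()
            if len(recent) == dl_limit:  # report once, when the threshold is reached
                findings.append((ts, user, "mass_download"))
    return findings
```

Bob's Bern-to-Zurich logins and his later MFA registration produce no finding, which is the false-positive case the speed threshold and the time window are there to suppress.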

Angelo Violetti, an incident responder at Swisscom’s B2B CSIRT, also presented actionable recommendations for how companies can increase the resilience of their M365 environments. These included:

  • Phishing-resistant multi-factor authentication
  • Continuous access evaluation: ongoing monitoring of access activities, e.g. for changed IP addresses
  • Conditional access policies to govern the addition of extra MFA devices
  • Outbound spam policy to prevent bulk mailing from compromised accounts
  • Auditing and logging in SIEM systems for monitoring in SOCs
     

Not everything can be prevented with this IR framework, but much can be mitigated and quickly contained.

Regulatory resilience: SBOMs and new requirements

Gone are the days when software providers could wash their hands of a product after a sale. New regulations and reporting obligations, such as the EU’s Cyber Resilience Act (CRA), aim to improve cybersecurity, especially in the software supply chain. From September 2026, providers will have to report actively exploited vulnerabilities in their products within specified deadlines. This requires knowing exactly which components and libraries are in the software in order to detect, for example, tampered packages from the npm or PyPI repositories. An SBOM (software bill of materials) is essential for this. But while the approach is clear, there are challenges when it comes to implementation:

  • Automated checks are needed to manage the multitude of dependencies and vulnerabilities
  • Not all vulnerabilities are published as Common Vulnerabilities and Exposures (CVEs); naming is often inconsistent, and the National Vulnerability Database (NVD) is not always up to date
  • Open SBOM standards such as OWASP’s CycloneDX and interoperability will become a basic prerequisite for successful vulnerability testing

Providers that want to be resilient will therefore need to upgrade not only technically, but also in terms of organisation and regulation – and be prepared to take responsibility for the entire supply chain.
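
An automated check of the kind described above, as an added example rather than code from the article or the CycloneDX project: it reads the components of a CycloneDX JSON document, normalises package names so that spelling variants still match, and lists components that carry no package URL. The SBOM, the advisory feed with its placeholder IDs and the exact-version matching are assumptions made for illustration.

```python
import json
import re
from urllib.parse import unquote

# Constructed CycloneDX fragment; package names and versions are invented.
SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "Example_Pkg", "version": "2.1.0", "purl": "pkg:pypi/Example_Pkg@2.1.0"},
  {"type": "library", "name": "widget", "version": "1.4.2", "purl": "pkg:npm/%40acme/widget@1.4.2"},
  {"type": "library", "name": "legacy-lib", "version": "0.9"}]}""")
# Constructed advisory feed with placeholder IDs (entries that have no CVE).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "ecosystem": "pypi", "name": "example.pkg", "versions": {"2.1.0", "2.1.1"}},
    {"id": "EXAMPLE-0002", "ecosystem": "npm", "name": "@acme/widget", "versions": {"1.4.1"}},
]


def normalize(ecosystem, name):
    """Canonical name: PEP 503 rule for PyPI, lower-case otherwise."""
    name = unquote(name).lower()
    return re.sub(r"[-_.]+", "-", name) if ecosystem == "pypi" else name


def parse_purl(purl):
    """Split 'pkg:type/[namespace/]name@version' into (type, name, version)."""
    m = re.fullmatch(r"pkg:([^/]+)/([^@?#]+)@([^?#]+).*", purl)
    if not m:
        return None
    eco = m.group(1).lower()
    return eco, normalize(eco, m.group(2)), unquote(m.group(3))


def audit(sbom, advisories):
    """Return (hits, unidentified) for a parsed CycloneDX document."""
    hits, unidentified = [], []
    for comp in sbom.get("components", []):
        key = parse_purl(comp.get("purl", ""))
        if key is None:  # no usable identifier: cannot be checked automatically
            unidentified.append(comp["name"])
            continue
        eco, name, version = key
        for adv in advisories:
            same_pkg = (adv["ecosystem"], normalize(adv["ecosystem"], adv["name"])) == (eco, name)
            if same_pkg and version in adv["versions"]:
                hits.append((adv["id"], f"{name}@{version}"))
    return hits, unidentified
```

The `unidentified` list matters as much as the hits: a component without a package URL is a blind spot in the inventory, not a clean result.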

Resilience in the context of global cloud infrastructures

Dependence on US cloud providers poses geopolitical and legal risks to the confidentiality and availability of data. There are technical and organisational options for staying or becoming resilient. The disadvantages of each must be taken into account:

  • Hold Your Own Key (HYOK): All data passes through an encryption proxy. This increases security, but is also more expensive and limiting.
  • Confidential computing: Data remains encrypted and is only decrypted in the CPU – but here, too, there are residual risks in the form of vulnerabilities.
  • Hybrid architectures: These allow sensitive data to be stored and backed up locally. But it must be ensured that this data is not processed in a cloud – for example, when antivirus software scans files online for malware.
     

Companies must understand and be able to control their data streams to actively shape their resilience.

Human resilience: collaboration with AI

Can AI help in cybersecurity to strengthen defences and thus resilience? A meta-study by ETH Zurich has revealed that teamwork isn’t always better than people or AI alone. What matters is distributing tasks in a way that plays to the respective strengths of humans and machines:

  • If people are the better fit for certain tasks, then collaboration with AI can improve performance
  • If AI is the better fit, it should take over – with humans remaining in the loop
  • The ‘match’ between the AI model and the human model is crucial
  • Trust in the systems and in people’s abilities is the basis for resilience

Conclusion: resilience as a strategic superpower

Resilience is not just a nice-to-have, but the decisive factor for surviving in an uncertain world. Organisations that view resilience as a strategic superpower can not only fend off attacks, but also seize opportunities – and remain effective even when the unexpected occurs. The 2025 Swiss Cyber Storm showed that resilience is teamwork, technology, organisation and attitude all at once. It is the superpower that no one sees – but that decides everything.
