Creating a blueprint for cybersecurity resilience

Measures to reduce the likelihood of attacks and limit their impact

October 01, 2025

The current cybersecurity threat environment is an ongoing, critical challenge for companies across all industries. Threat actors are leveraging emerging innovations such as artificial intelligence to launch more convincing and more scalable attacks. Growing reliance on vendors and third parties creates additional exposure unless effective protective measures are in place. With recovery costs at an all-time high and reputational risks and regulatory requirements on the rise, companies need to take a proactive approach to protecting their sensitive data and intellectual property.

Nearly one in five companies (18%) reported experiencing a data breach in the last year in the RSM US Middle Market Business Index Special Report: Cybersecurity 2025. Given the frequency and evolving nature of attacks, a breach attempt should be treated as likely. Companies therefore need a two-pronged strategy: reduce the company's attack surface, and establish an effective resiliency plan for when an attack succeeds.

The following five steps can help companies focus on these two main goals and establish an effective foundation to strengthen ongoing cybersecurity efforts.

Double down on fundamental protections:

Companies need to invest in strong identity and access controls (multifactor authentication and access governance) backed by user training as a first line of defense. These controls blunt credential-based attacks before they can cause harm and limit the damage a single phished password or mistaken click can do.


Manage vendors and third parties:

Cybersecurity should be treated as a team sport across the supply chain. Companies should perform comprehensive due diligence on vendor and third-party security practices and demand improvements where weaknesses are found. Sharing threat information and requiring contractual incident notification from vendors can buy time to respond. It's important to remember that an attack on any one of a company's providers or vendors can create significant ramifications for the company itself, as seen in recent supply chain ransomware events that have affected thousands of organizations.


Embrace the cloud securely:

The cloud can offer enterprise-grade security capabilities, but only if configured and used correctly. Under the shared responsibility model the provider secures the underlying infrastructure, while the customer remains responsible for identity, data and network configuration. Companies should leverage cloud providers' security tools, from encryption to continuous monitoring, and consider trusted advisors or managed services providers to fill any gaps in cloud security know-how. Companies can't assume cloud data is safe by default; the configuration should always be verified. Regular audits for misconfigurations (publicly readable storage, overly broad identity permissions, unencrypted data stores) should take place, as well as periodic practice restoring from cloud backups so that recovery from a ransomware attack is proven rather than assumed.
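One concrete form such a misconfiguration audit can take is checking storage bucket policies for grants to anonymous principals and confirming that account-level public access blocks are enabled. The script below is an added example written for this page, not RSM's code or tooling; it evaluates an S3-style JSON bucket policy document offline. The bucket name, account ID, VPC endpoint ID and policy statements are constructed sample inputs, and the public access block setting names follow the AWS S3 feature of the same name.

```python
"""Added example: audit an S3-style bucket policy and its public access block
settings for world-readable misconfigurations. All inputs below are constructed
sample data, not real account configuration."""
import json


def _principal_is_public(principal):
    """AWS treats Principal "*" and {"AWS": "*"} as "anyone, including anonymous"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def find_public_statements(policy_doc):
    """Return (Sid, kind) for every Allow statement granted to everyone.

    kind is "public" when nothing limits the caller, or "conditional-public"
    when a Condition block is present (e.g. aws:SourceVpce) and needs review.
    """
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        findings.append((sid, "conditional-public" if stmt.get("Condition") else "public"))
    return findings


def public_access_block_gaps(settings):
    """Return the public access block flags that are missing or disabled."""
    required = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [flag for flag in required if not settings.get(flag, False)]


def audit_bucket(name, policy_doc, pab_settings):
    """Combine both checks. A public policy statement is only reachable by the
    internet when RestrictPublicBuckets is not enabled."""
    findings = find_public_statements(policy_doc)
    gaps = public_access_block_gaps(pab_settings)
    unconditional = [sid for sid, kind in findings if kind == "public"]
    return {
        "bucket": name,
        "public_statements": findings,
        "public_access_block_gaps": gaps,
        "effectively_public": bool(unconditional) and "RestrictPublicBuckets" in gaps,
    }


# Constructed sample policy: one anonymous read grant, one role-scoped grant,
# one anonymous grant limited to a VPC endpoint.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0abc"}}},
    ],
})

# Constructed sample account settings: only half of the public access block is on.
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}


if __name__ == "__main__":
    print(json.dumps(audit_bucket("example-bucket", SAMPLE_POLICY, SAMPLE_PAB), indent=2))
```

In practice the policy document and public access block settings would be fetched per bucket from the provider's API and the audit run on a schedule; the point of separating the two checks is that an account-level block can make a bad policy harmless, so a finding should report both before anyone is paged.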


Stay ahead of emerging threats:

Organizations must stay informed about how new technologies like AI can introduce novel threats. For example, procedures should be in place to verify unusual requests (especially those made by phone or email, such as payment changes or urgent wire transfers) through a second, independently established channel to counter evolving deepfake and voice-cloning scams. What might have seemed like an outlier attack technique just a year ago can quickly become commonplace and extremely harmful. Incorporating threat intelligence into organizational security strategies can help companies anticipate shifts such as the recent surge in business email compromise tactics.


Incident response and resilience:

Finally, companies need to accept that no defense is 100% secure and increase their focus on resilience. An incident response plan should be developed, implemented and regularly updated to reflect the current threat environment. This plan should include specific playbooks for the major attack types highlighted in the NetDiligence and RSM US reports: ransomware lockdowns, business email compromises and third-party breaches. In addition, companies should conduct regular tabletop exercises with their cybersecurity teams and the business, legal and communications leaders who would have to make decisions during a crisis, so that everyone understands how threats can manifest and their role when one does. Cyber insurance should also be a key consideration in a thorough risk mitigation strategy, although it should be viewed as a safety net, not a substitute for good security practices.


Conclusion

No matter how effective and mature a company's control environment and cybersecurity defenses are, no one is completely immune to a data breach. Threat actors have an extensive number of advanced tools at their disposal and are quick to act on gaps or vulnerabilities, whether they arise from unpatched servers, compromised credentials or insufficient security at a vendor or supplier.

Protecting data and safeguarding sensitive information is an increasingly challenging task. But, given the level of risk and cost involved, companies must be agile and proactive to stay ahead of those who seek to do harm. By shrinking the overall attack surface and establishing a more resilient environment, companies can mitigate current and future risks and limit damage if and when an attack occurs.

RSM contributors

  • George Kohlhofer
    Principal

The cost of a data breach: 2025 NetDiligence Cyber Claims Study

A report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.
