Cyber resilience: The foundation of small business security

April 18, 2024

What is cyber resilience? And why are we always talking about it at Onwardly?

Well, we're glad you asked.

Cyber resilience refers to your ability to anticipate, withstand and recover from cyber threats and incidents, so that you can continue operating, ensure the integrity of your data, and maintain customer trust.

So... it's pretty important, even for the smallest of organisations.

It's not merely about "doing" security work; it's the peace of mind of knowing that if something does happen, you'll be prepared.

The three pillars of cyber resilience

There are many ways to count the pillars of cyber resilience. Some say five, some say six. For us, we keep it simple and stick to three.

  • Protect: This is how you keep threats at bay and build and maintain the trust of your stakeholders. Without trust, there is no business. Preparation is key to the success of your operations.
  • Detect: This is where your business proactively makes sure it can identify malicious activity when it occurs, now or in the future.
  • Respond: This is acknowledging that breaches can occur, and having plans in place to mitigate damage, restore data, and communicate effectively with your team, your customers and your board.

Phil Howie, founder of Onwardly, stresses that "It's not just about having a plan; it's about practicing it. This makes all the difference in a crisis."

He says to ask yourself these questions:

  • Are you protecting yourself?
  • Are you implementing measures to detect things?
  • Are you practicing, rehearsing and preparing a way to respond? This could be anything from having your communications rehearsed and ready to go, to making sure you're able to restore from things like backups properly, and that you test it and understand that it's working.
  • How do you measure and identify your maturity?
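The backup point above is the one that most often fails quietly: backups run for years, but nobody checks that they restore. Below is an added example of a restore drill (not Onwardly's code, and not a tool the article mentions) in Python using only the standard library. It backs up a directory to a tarball, records a SHA-256 digest and a per-file manifest alongside it, then rehearses a restore into a scratch directory and compares the result to the manifest. The sample "invoices" files are constructed inline so the script runs offline; the archive name `backup` and the report fields are the example's own choices.

```python
"""Restore drill: back up a directory, then prove the backup restores intact.

Added example, not Onwardly's code. Standard library only; runs offline on
constructed sample data.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path

ARCHIVE_ROOT = "backup"  # top-level directory name inside the tarball (assumption)


def sha256_of_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def fingerprint_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 so two trees compare."""
    return {str(p.relative_to(root)): sha256_of_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, archive: Path):
    """Write a gzip tarball of `source`; return (archive digest, file manifest).

    Store both next to the backup (ideally off-site): the digest catches a
    corrupted or tampered archive before you unpack it, the manifest catches a
    backup that silently skipped or mangled files."""
    manifest = fingerprint_tree(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=ARCHIVE_ROOT)
    return sha256_of_file(archive), manifest


def restore_and_verify(archive: Path, expected_digest: str, manifest: dict) -> dict:
    """Rehearse a restore into a scratch directory and compare it to the manifest.

    Returns a report rather than a bare True/False so the drill leaves evidence
    of what was checked and exactly which files (if any) are missing or differ."""
    if sha256_of_file(archive) != expected_digest:
        return {"ok": False, "reason": "archive digest mismatch",
                "files_checked": 0, "missing": [], "changed": []}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # Use the 'data' extraction filter where available (Python 3.12+ and
            # security backports); it rejects absolute and ../ member paths.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kwargs)
        restored = fingerprint_tree(Path(scratch) / ARCHIVE_ROOT)
    missing = sorted(set(manifest) - set(restored))
    changed = sorted(k for k in manifest if k in restored and manifest[k] != restored[k])
    return {"ok": not missing and not changed, "reason": None,
            "files_checked": len(manifest), "missing": missing, "changed": changed}


def run_drill() -> dict:
    """End-to-end rehearsal on constructed sample files (not real business data).

    Returns two reports: one for an intact backup, one where the archive was
    corrupted after its digest was recorded, so both outcomes are visible."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "invoices"
        (source / "notes").mkdir(parents=True)
        (source / "2024-03.csv").write_text("id,amount\n1,120.00\n2,85.50\n")
        (source / "notes" / "readme.txt").write_text("constructed sample data\n")
        archive = work / "invoices.tar.gz"
        digest, manifest = make_backup(source, archive)
        clean = restore_and_verify(archive, digest, manifest)
        # Simulate bit-rot or tampering: flip one byte of the stored archive.
        data = bytearray(archive.read_bytes())
        data[-1] ^= 0xFF
        archive.write_bytes(bytes(data))
        corrupted = restore_and_verify(archive, digest, manifest)
    return {"clean": clean, "corrupted": corrupted}


if __name__ == "__main__":
    for name, report in run_drill().items():
        print(name, report)
```

The point of the drill is the report, not the archive: schedule it, keep its output, and treat a digest mismatch or a non-empty `missing`/`changed` list as an incident to investigate, not a one-off glitch. The same shape applies to any backup tool; only `make_backup` and the extraction step change.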

Assessing and improving cyber resilience

Answering Phil's last question has traditionally not been simple. In fact, it's been a bit of a challenge, especially for small businesses.

But there are tools like the CERT Top 10 Critical Controls, as well as Onwardly, that give you a foundational roadmap: one that assesses your maturity and sets you up with the tasks to improve your resilience.

"Look at what you're doing in each area: protecting, detecting, and responding. Every step forward, no matter how small, counts."

The role of privacy in cyber resilience

Beyond security, privacy is a critical piece of the puzzle.

"It's not just about securing data; it's about respecting individual rights. Businesses must handle personal information with care, ensuring ethical practices and consent," says Phil.

To put it simply: privacy and security go hand in hand, especially for small businesses where roles often overlap.

Cyber resilience vs. compliance

We're no stranger to this topic (we talked about it in detail here). It's worth mentioning here because whenever cyber resilience comes up, compliance ALWAYS comes up with it.

The core difference? Compliance is about meeting external requirements, while cyber resilience is about doing what's best for your business (thanks, Phil, for that definition).

Basically, building a resilient organisation begins with foundational measures that align with your business goals.

Taking action on cyber resilience

"What's one thing a small business can do today to boost cyber resilience?" Amie Finlayson, marketing manager at Onwardly, asks Phil.

The answer: "Start by taking it seriously." Phil suggests forming a risk and governance group, even if it's just a couple of dedicated individuals. Make cybersecurity a regular discussion topic within your organisation.


In conclusion, remember that progress doesn't have to be daunting. Small steps, consistently taken, can lead to significant improvements.

