COMMENTARY: Varun Chhabr, senior vice president of infrastructure, telecom and cyber resilience marketing, Dell Technologies

New findings from Dell’s Cyber Resilience Insights research reveal why overconfidence can be a liability—and what executives must do to build true resilience.

When it comes to cyber resilience, confidence is a double-edged sword. On one hand, it unites teams and inspires trust. But when confidence overshadows reality, it can leave vulnerabilities undetected—waiting to unravel when the stakes are highest. We call this the confidence–capability gap, and for many organizations, it represents a significant, unaddressed risk.

The latest Dell Cyber Resilience Insights research underscores this disconnect. More than two-thirds (69%) of IT leaders believe their executive leadership overestimates their organization’s readiness for a major cyber event. It’s a correct perception, as 53% of organizations failed to fully recover during their most recent drill or incident. The data shows that many enterprises operate with a false sense of readiness, even as the threat landscape grows more complex and disruptive.

This gap often stems from an over-reliance on prevention alone. While crucial, a prevention-first mindset can create a false sense of security, leaving organizations vulnerable when an incident inevitably occurs. In fact, our research shows a clear imbalance, with most organizations (86%) prioritizing prevention over recovery.

Human nature also plays a role in this disconnect. Although cyber threats remain ever-present, the perception that “we’ve spent enough on prevention and haven’t had a major issue yet” can lead to a false sense of confidence. Additionally, there’s often a reluctance to challenge leadership with hard truths about an organization’s cybersecurity posture, further perpetuating the gap.

The stakes are higher than ever

The good news: maturity makes a measurable difference. Organizations with mature cyber resilience strategies are nearly three times more likely to recover successfully from a cyber incident than their less advanced peers. Their results prove that resilience is achievable when it is treated as a discipline—continuously tested, validated, integrated, and automated.

It’s tempting to think about cyber resilience purely in terms of technology—firewalls, backups, and detection platforms. But we determine resilience not by isolated tools, but by how well systems work together under pressure. A failed service level agreement (SLA) isn’t just a number on a dashboard; it’s an outage, a loss of data, and a hit to customer confidence.

Fortify the future with AI

The challenge gets compounded by the speed of AI-driven threats. Ransomware now targets the unstructured data critical to AI workloads, and adversaries are experimenting with techniques that manipulate or corrupt data to influence outcomes. As attackers evolve, they exploit not only the gaps between systems but also the imbalance in many organizations’ security approaches.

AI has become an impetus for progress, but its value depends on the trustworthiness of the data that feeds it. The research shows that many organizations are already using AI and machine learning to strengthen their cyber defenses. For example, 62% use it to scan backup data for indicators of compromise, and organizations with more mature strategies are far more likely to adopt AI-driven playbooks for mitigation and recovery.

Imperatives for building real resilience

This is a critical trend. Cybercriminals are automating their tactics, and forward-thinking organizations are responding in kind. Automated detection and recovery not only close the gap against evolving threats but also simplify the process of testing resilience. When recovery workflows depend less on manual processes, organizations can validate their readiness more frequently and with greater confidence.

Protect the crown jewels: Identify the data and systems without which the business cannot function, and ensure they remain uncompromised, even under the most extreme conditions. Detect the quiet disruptions: Modern threats often manifest as subtle anomalies, like rogue deletions or corrupted datasets. These are easily missed without continuous monitoring and AI-driven threat detection to shorten response times. Test recovery readiness often: Recovery isn’t defined by having a plan, but by how often that plan is practiced and refined. The evidence is clear: organizations that test their recovery monthly or more frequently are far more likely to meet their SLAs and achieve successful outcomes. Integrate across the lifecycle: Mature organizations show that resilience is more than a set of tools. By connecting prevention, detection, and recovery practices, they reduce blind spots and ensure testing translates into effective real-world results. Balance innovation with protection: Emerging technologies like AI create extraordinary opportunities but also new vulnerabilities. The most advanced organizations embed resilience into their innovation roadmaps so that progress is protected, not paused, when threats strike.

The research makes one point clear: resilience does not get defined by how confident an organization feels, but by how consistently it can recover when it matters most. A few imperatives stand out:

While it's within our reach to close the confidence–capability gap, it requires decisive action. Organizations can no longer rely on unproven strategies or the assumption that past prevention measures alone guarantee readiness. By frequently testing, integrating defenses, and adopting automation, you can build a resilient foundation for your business.

Sustaining that resilience over time demands more than technical measures—it requires a cultural shift. IT leaders must feel empowered to present an honest assessment of their organization’s security posture, and executives must confront uncomfortable truths. When leadership understands the operational realities and IT teams grasp the strategic priorities, cyber resilience can and will work.

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.