Warnings around Anthropic’s Claude Mythos earlier this year pushed AI-driven cyber threats even further into the spotlight. Reports surrounding the model’s ability to autonomously identify vulnerabilities and carry out complex attack simulations raised fresh concerns about how quickly offensive cyber capabilities are advancing. As organisations are becoming more dependent on interconnected digital systems, ransomware attacks are also progressing beyond traditional data theft alone. Their new target: operational disruption.
That growing pressure is forcing organisations to rethink what cyber resilience actually means in practice. The focus is shifting away from whether attacks can be prevented entirely and towards how quickly businesses can detect threats, recover operations and return to business as usual.
When disruption becomes the objective
Ransomware attacks now extend far beyond locking files or encrypting systems. The longer organisations remain offline, the greater the financial and reputational fallout becomes.
Mark Molyneux, Field CTO North Europe at Commvault, explains: “Ransomware remains one of the most disruptive cyber threats organisations face because attackers are no longer just targeting data. Instead, they are centring their efforts on operations, recovery processes and an organisation’s ability to continue functioning under pressure.”
This shift is becoming particularly visible in sectors where downtime quickly impacts customers. Abdelkader Keddari, VP EMEA Solution Engineering at Fluent Commerce, highlights this: “Over the past year, high-profile ransomware attacks on major UK retailers have exposed the harsh reality that many still rely on outdated legacy systems which leave them vulnerable and slow to respond. When trust is breached, particularly where customer data is concerned, the damage to brand reputation and revenue can be severe.”
The wider issue is that operational disruption now spreads quickly across interconnected systems. “Without real-time insight, retailers can’t track stock or reroute orders, leading to empty shelves, unfulfilled promises and disappointed customers. Retailers who were targeted weeks ago are still experiencing the fallout, and there is no end in sight,” Keddari continues.
Why early detection is key
As ransomware attacks become faster and more sophisticated, resilience is increasingly being defined by response times rather than prevention alone. Many traditional cybersecurity approaches were built around the assumption that organisations would have time to identify and resolve vulnerabilities before attackers could exploit them.
Shobhit Gautam, Staff Solutions Architect – EMEA at HackerOne, explains why this assumption is outdated, noting that ransomware risk is no longer defined by the number of vulnerabilities an organisation has. Instead, he shares how it’s defined by “how quickly they can remediate them. The time between vulnerability disclosure and exploitation has now reduced to less than a day, or even just a few hours. Attackers are becoming faster at identifying and exploiting vulnerabilities as they adopt AI and weaponise its capabilities. As the risk of ransomware attacks grows, security programs built around lengthy triage and remediation cycles are no longer sustainable.”
This pressure is pushing organisations towards more continuous approaches to cyber resilience, particularly around monitoring and threat exposure management.
Gautam adds: “It is up to defenders to identify these risks before attackers can. While fortunately, discovery is scaling quickly, validation, ownership and remediation are not. Unless businesses can act on these insights, the situation will only get worse. It is key that the focus be on reducing the window of exposure and acting on vulnerability discovery quickly.”
Resilient operations as a defence strategy
For many organisations, that shift is forcing a wider rethink of cybersecurity strategies. Prevention still matters, but businesses are increasingly recognising that resilience depends on maintaining business continuity when disruption occurs.
“This is why resilient operations, or ResOps, could fundamentally change how organisations approach cybersecurity,” Commvault’s Molyneux emphasises. “Organisations must have the ability to detect anomalies early, isolate threats quickly and recover cleanly into secure environments without reintroducing malware or extending downtime. Cybersecurity aims to keep threats out. ResOps prepares you for when they get in, which they will.”
Similarly, Stephan Badesha, CISO at Node4, details how layered approaches are becoming the norm. “A proactive, layered approach is essential,” he argues, “incorporating continuous monitoring, robust access controls, well-tested backup and recovery strategies, and ongoing employee awareness programmes. Harnessing AI can also be a significant advantage, allowing businesses to detect anomalies and respond to threats in real time.”
Operational resilience is also closely tied to infrastructure decisions. Fluent Commerce’s Keddari advises: “To stay resilient, investment in technology like cloud-native Order Management Systems and Distributed Order Management (DOM) is essential. These tools give retailers the ability to respond quickly and effectively, protect sales, and uphold customer confidence, even in the case of a breach.”
The crucial road to recovery
The reality suggests that ransomware is unlikely to slow down. AI is reducing barriers for attackers while increasing the scale and speed of malicious campaigns. Resilience is now being measured not by whether an incident occurs, but by how effectively operations can continue when one does.
Node4’s Badesha concludes with a reminder that, “while these attacks may seem increasingly unavoidable, organisations that prioritise resilience over prevention alone are better positioned to reduce the impact and recover more quickly.”
As businesses reflect on Anti-Ransomware Day this year, the conversation is becoming less focused on whether attacks can be stopped entirely and more focused on readiness and recovery. Organisations that respond fastest, recover cleanly and maintain operations under pressure are likely to be the ones that come through attacks successfully.
Government support is there - but it’s underused
The UK Government offers schemes like Cyber Essentials to help organisations, particularly SMEs, improve their baseline defences. But the uptake remains limited. Many businesses either don’t know these programmes exist or fail to see their relevance. That’s a missed opportunity.
Stronger engagement is needed, from government, industry bodies, and larger enterprises that can lead by example. Better communication, clearer incentives, and simpler onboarding processes would go a long way in increasing adoption and improving collective resilience.
Cybersecurity as a shared responsibility
The digital economy doesn’t work in isolation. Whether you’re a start-up, a charity, a public institution, or a multinational corporation, your security depends on the actions of others as much as your own. That’s why cybersecurity must be seen not just as an internal function, but as a shared responsibility across sectors.
The 2025 Cyber Security Breaches Survey is more than a collection of statistics; it’s a warning. It shows us that the threats are real, frequent, and increasingly sophisticated. But it also reveals the gaps: in leadership, in preparation, and in collaboration. If businesses continue to treat cybersecurity as a low-priority IT issue, the damage will keep mounting. Now is the time to move from discussion to decisive action.
