


Digital risk prevention: Five steps to cyber resilience for businesses

05-11-25 / Kwanele Sibanda


Johannesburg - Cyber threats are among the most critical risks for businesses. The volume of incidents continues to rise, resulting in unprecedented losses and posing a threat to critical infrastructure and economic stability. Recent studies show that cyberattacks are becoming more difficult to detect and mitigate as criminals leverage generative artificial intelligence to target a broader range of sectors.

David Bartolini, Head of Cyber Risk Engineering Tech at HDI Global, identifies five key areas that businesses should prioritise to strengthen their resilience against cyber threats.

For its latest report, the European cybersecurity agency ENISA analysed nearly 4,900 incidents between July 2024 and June 2025. The report identifies phishing, ransomware, and Distributed Denial of Service (DDoS) attacks as the primary threat vectors currently affecting businesses of all sizes and sectors across the European Union. Cyber resilience must therefore be treated as a strategic priority. The following five approaches serve as a guideline.

1. Continuous awareness training for employees

Human error remains a considerable risk: according to the ENISA report, around 60 percent of all cyber incidents can be attributed to human error. Attackers are particularly successful via email and through social engineering tactics. Companies should therefore regularly conduct awareness training for their employees, including simulated phishing attacks. Practical attack simulations and the Readiness Workshops offered as part of some cyber insurance policies are also particularly effective countermeasures. However, awareness often increases only temporarily after an incident, so sustainable, ongoing training and education are essential.

2. Updating software and closing security gaps

Cybercriminals prefer to attack outdated software with known vulnerabilities. Implementing consistent patch management can reduce the likelihood of damage. Unpatched systems are considered gateways for attackers. Targeted risk engineering and continuous review of critical infrastructure are not only effective but indispensable.

3. Network segmentation and technical security

In times of remote working, companies' digital presence has expanded, creating new avenues for cyber criminals. For instance, there is a marked rise in DDoS attacks. Professional IT measures such as network segmentation, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and the establishment of a security operations centre (SOC) enable early detection and isolation of compromised systems. Applying the principle of minimal access rights also limits damage.

4. Managing third-party and supply chain risks

External partners are also a source of cyber risks. Following an attack, many companies begin to invest in new hardware and software and examine their suppliers more closely. As indicated by the ENISA report, supply chain attacks account for over ten percent of documented threats. Compromised software repositories and vulnerabilities at third-party providers, which have led to widespread security incidents across Europe, are of particular concern. Essential mitigation measures include adding cybersecurity clauses to contracts, providing proof of security standards, and conducting joint infrastructure testing.

5. Preparing for emergencies: backups and crisis drills

Complete prevention is impossible. The average operational downtime after a cyberattack is 4.2 days, rising to 5.5 days for small businesses. Regular backups and tested recovery plans are crucial to minimise downtime and data loss.

Comprehensive risk analysis enhances cyber resilience

Prevention and holistic protection pay off: Companies with high security levels resume operations around 36 hours faster and incur costs that are ten percent lower per incident. Leading insurers act as a partner in transformation for the industry and SMEs, providing active support to clients and developing solutions that strengthen resilience and insurability. Through tailored consulting and a comprehensive product portfolio, companies receive targeted support for their digital transformation.
