We believe the key to achieving enterprise resilience is understanding your application landscape in terms of inter dependencies, SaaS / Critical Third Party dependencies and their criticality level for the business. Once dependencies have been mapped and impact tolerances checked with the business leaders, operational resilience planning & transformation can start.
To budget appropriately and build a mature resilience programme requires an understanding of the business leadership's priorities and challenges. When the most Important Business Services are understood, and severe but plausible impacts documented, the required timeframes for important business services resilience & recovery can be decided on.
Its not IF a cyber incident will hit you its when (unfortunately). From our experience the only way to reduce cyber incident Recovery Time (and to stay within agreed Impact Tolerances) is to test with plausible scenarios and threat led intelligence. For example bringing back applications in other cloud zones and leveraging knowledge from application inter dependency mapping.