• Most AU organisations can see threats coming, but only around a third have a tested plan for when something gets through.

• AI-powered attackers now operate at a speed and scale that human-only security teams simply cannot match.

• Resilient organisations design for failure and measure how fast they stabilise, not how many alerts they log.

If you work in cybersecurity today, you probably sleep better than you did five years ago. You’ve got dashboards galore and 24/7 monitoring that lets you “see” risk across cloud, on-premises equipment, SaaS and endpoints.

Datacom’s 2026 Cybersecurity Index, “The resiliency gap”, confirms it: 77% of Australian organisations are confident in their visibility of risks and vulnerabilities, and roughly three‑quarters believe they have the resources to handle an attack.

But visibility is not resilience. Resilience is what’s left when detection has done its job, and you’re still in trouble.

As attackers embrace automation and artificial intelligence (AI), the maths of cybersecurity has broken. For years, we ran a one‑to‑one game: a hacker on their side, an analyst on ours. Today, adversaries use cheap AI to generate targeted phishing at scale, probe every exposed service and infiltrate supply chains with a level of speed and precision that human‑only Security Operations Centres (SOCs) simply cannot match. The volume curve has gone exponential, but your headcount never will.

So, resilience starts with a mindset shift: assume breach, design for the blast radius.

The question is not whether something gets through the front door, but how far it can travel once inside and how quickly you can contain, stabilise and recover. That’s resilience: the ability to take a punch, protect the core and keep operating.

What resilience looks like in practice

From where I sit, resilience has four pillars.

First, assume a breach and engineer containment. Segment aggressively around critical data and services. When an incident hits, your primary metric isn’t, “Was it blocked?”, it’s “How far did it go?” If the blast radius didn’t get near your crown‑jewel systems and data, you’ve already won half the battle.

Second, automate everything that is repeatable. In a modern SOC, machines should handle the noisy, repeatable triage at machine speed. Humans should sit in the judge’s chair, making context‑rich decisions on the hard problems.

Third, when the lights on the dashboard are flashing red, implement a pre-engineered response plan. Practise that plan. Don’t find yourself in reactive crisis management mode. Feed your platforms with real intelligence, including dark‑web chatter and industry‑specific Tactics, Techniques and Procedures (TTPs), so that you’re preparing for the attacks that are actually coming, not the ones in last year’s vendor pitch.

Finally, measure outcomes, not optics. I don’t care how many events you detected last month. I care how many incidents you contained before customers noticed, how long it took to reach a safe operating state, and what permanently changed as a result. Resilience is “mean time to stability”, not “mean time to alert”.

What the 2026 Index tells us we’re getting wrong

The 2026 Cybersecurity Index shows that Australian organisations understand the threat picture – especially AI‑enabled attacks and phishing – but are still underestimating the operational reality when things go wrong.

Only about 32% of organisations have a business continuity or cyber incident response plan in place, even though most expect to recover from a major incident within a few days. Real‑world cases, here and overseas, suggest it usually takes three to four weeks just to get back to a minimum level of operations. That’s not resilience, that’s optimism bias.

We also see a structural imbalance concerning where money and attention are directed. Detection, monitoring and visibility tools are consistently ranked as top priorities for 2026, while resilience, continuity and recovery planning lag.

Then there’s the changing relationship with Managed Security Service Providers (MSSPs). In this year’s Index, only 45% of Australian organisations report having an MSSP aligned to their business, down from more than half last year. That’s not the death of outsourcing; it’s the death of outsourcing risk.

Boards have realised that a glossy monthly report saying, “We detected 3,000 alerts” is meaningless if no one can answer the only question that matters in a crisis: “What did we stop and how fast did we get back on our feet?” The model is shifting towards co‑sourcing: modern, threat‑informed SOCs working alongside in‑house teams, with shared accountability for outcomes like containment and continuity, not just detection volume.

So, what needs to change?


If you claim high maturity but don’t have a tested continuity plan and robust processes for when systems go down, you’re not resilient. If your SOC reports on alert counts instead of resolved incidents, you’re not resilient. If AI in your organisation is getting more governance attention than the AI‑powered adversaries outside your perimeter, you’re not resilient.

Resilience is not another product to buy or box to tick. It’s the cumulative result of designing for failure, automating the boring work, keeping humans in the loop where judgement matters and practising the ugly scenarios until response is second nature.

We’ve spent the last decade learning to see the punch coming.

In 2026, the organisations that thrive will be the ones that learn how to take that punch – and still stay standing.
