Table of Contents
When the UK’s National Cyber Security Centre tells executives to print out their contingency plans, it’s more than a quaint suggestion — it’s a reality check. In an era defined by automation, AI, and self-healing networks, one of the world’s top cyber authorities is reminding us to do something profoundly analog: keep a paper copy of your plan.
That single recommendation captures a truth many organizations have quietly forgotten. As we automate more of our defenses and delegate more decisions to digital systems, we’ve lost sight of what resilience actually means. It’s not about preventing every outage. It’s about continuing to operate under difficult or impaired circumstances — maintaining capability even when conditions are far from ideal.
The Misconception: Cybersecurity Equals Resilience
Too many organizations still believe cybersecurity and resilience are the same thing. They’re not. Cybersecurity is focused on prevention and protection; resilience is about sustaining operations when conditions are challenging or disrupted. Both depend on adaptability — but they address different dimensions of readiness.
We’ve made great strides in hardening infrastructure and improving detection. But when a company can’t function without its email system or cloud platform, that’s not progress — it’s dependence. And dependence is the enemy of resilience.
Lessons From the Recovery Room
Those of you who have been through disaster recovery exercises may recall how plans that look flawless on paper often meet a harsher reality. At Sungard’s recovery centers, I watched teams with strong technical skills still struggle because they depended on systems that didn’t have clear recovery procedures. Networks, authentication, and backups often had undocumented dependencies that left everyone waiting for someone who truly understood how it all fit together. The breakthrough moments came not from technology, but from people — the engineers and leaders who could piece things together, communicate clearly, and move forward despite incomplete information.
Those experiences underscored a simple truth: resilience lives in understanding. It grows from documenting the systems and dependencies that matter most — and from keeping that documentation usable when you need it most. Resilience isn’t paperwork for its own sake; it’s the ability to restore critical functions and maintain service availability when core systems go offline. The organizations that recovered fastest were those that had both clear, accessible recovery plans and people who knew exactly how to execute them under pressure.
The Human and Operational Core of Resilience
That’s what the NCSC’s recommendation gets right. Printing your plan isn’t nostalgia — it’s a reminder to think about what happens when the network is gone. How will your teams communicate? How will they prioritize? Who knows what to do when the screens go dark?
Resilience isn’t digital. It’s operational. It lives in people who understand their systems well enough to rebuild them without automation. It lives in leaders who can direct teams through uncertainty, even when the dashboards are offline.
Resilience engineering — the NCSC’s term — is really about rediscovering that muscle. Anticipate. Absorb. Recover. Adapt. Those aren’t technical functions. They’re organizational behaviors.
When the Screens Go Dark
When we talk about “resilience,” we often picture backup power, redundant servers, or failover sites. But resilience doesn’t start in a data center. It starts in a conference room — with people who know how to make decisions when everything else has failed.
The irony is that in a time of unprecedented technological sophistication, our greatest strength still lies in the analog: clear communication, institutional knowledge, and practiced human response.
Cybersecurity can buy time. But resilience is what keeps the lights on.
When the screens go dark, leadership becomes analog. The organizations that thrive will be those that remember resilience isn’t something you install — it’s something you practice.
There’s no cavalry coming. But if you know how to operate without the system, you’ll never need one.
