Cybersecurity resilience or business resilience, in general, starts with a well-thought plan.
This plan needs to articulate the mission of the business; what are the possible threats (business disruptors, natural, man-made, technology, etc ); what are continual activities to monitor and sustain the business and what are the contingency plans to be developed and exercised. It’s this simple.