Company | Apr 14, 2026 | 7 min read

Cyber Resilience Starts Before the Attack. Here's What That Actually Means.

 

It's 3:00 a.m. Ransomware is spreading through your Microsoft 365 tenant. You isolate the environment to stop the damage and suddenly 10,000 employees have nowhere to work.

Your CEO asks one question: "How long until we're back online?"

If you don't have a fast, confident answer, you have a cyber resilience problem.

The reason most organizations don't have that answer isn't a technology gap. It's a timing gap. When the attack is in progress, it’s too late to begin recovery planning.

As attendees of the Rubrik Cyber Resilience Summit learned, you need to start planning now.

 

The Old Playbook Is Broken

For years, security strategy was organized around keeping attackers out. Detection. Prevention. Perimeter defense. But the math has always been brutal: attackers need to be right once, defenders have to be right every single time.

In 2026, that math will get worse. According to industry research from Unit 42, exploit windows have collapsed from 32 days to five. CrowdStrike recently reported that attacker breakout times are now measured in minutes, averaging just 29 minutes in 2025. Perhaps most alarming, Rubrik Zero Labs research found that 74% of the time, attackers compromise backups before victims even know they're under attack—disabling the very technology organizations rely on to save the business.

Prevention still matters, but it can no longer be the whole strategy. The question every organization needs to answer is: when attackers get in (and they will) can you recover what matters, when it matters?

 

Cyber Resilience Means Knowing What Comes Back First

At the Rubrik Cyber Resilience Summit in March 2026, Rubrik discussed a concept that reframes what recovery actually requires: the concept of a Minimum Viable Business (MVB).

Your MVB is the critical combination of people, data, applications, and identities that must be restored for your organization to function in a crisis. That could include your C-suite, legal, finance, the applications they depend on, and the identity systems that let them log in to access any of it.

Building your MVB starts with answering a simple question: Can you name the 50 people who need to be online for your company to survive?

If you can't answer that before an attack, you can't answer the CEO's question during one. And that time gap—not backup speed, not storage capacity—is what separates organizations that recover from ones that pay the ransom.

 

 

Recovery Requires Two Things

Here's what most recovery plans miss: you have to recover data and identity together, in the right order.

Recover data without identity and your workforce is locked out. Recover identity with corrupted data and there's nothing to access. Both have to come back, and the sequencing has to be planned in advance.

This is why Rubrik built its entire platform around answering four questions before an attack ever happens:

  1. What is the scope of the attack?

  2. Where is my clean recovery point?

  3. What sensitive data was exposed?

  4. Can the attacker regain access after restoration?

Traditional tools can't answer these until after recovery begins. With continuous threat detection running against immutable backups, outside your trust boundary and decoupled from production, Rubrik can have the answers ready before you need them.

 

 

What "Before" Looks Like in Practice

At the Summit, Rubrik demonstrated this principle across every major launch:

Autonomous Business Recovery for M365 doesn't wait for an attack to figure out what to restore. It maps your critical users, their dependencies, and the recovery sequence in advance. So when the attack comes, you launch your MVB and get back online in hours, not weeks. 

Okta Recovery pre-maps the relationships between users, groups, applications, and policies, so identity comes back in the right order, not as a pile of disconnected objects.

Rubrik-CrowdStrike integration closes the loop between detection and recovery before the damage is fully understood, automatically correlating threat alerts with identity changes and scoping the blast radius in real time.

The pattern is the same across all of it: the work happens before the crisis, so the crisis doesn't become a catastrophe.

 

 

The Bottom Line

Cyber resilience isn't about having backups. It's about knowing, before anything goes wrong, exactly what needs to come back, in what order, and how fast you can execute.

The organizations that recover from cyberattacks aren't the ones with the most storage. They're the ones that can answer the CEO's most important question when an attack successfully disrupts the business:

How long until we're back online?

That answer has to exist before you get that 3:00 a.m. call.

Join us at Rubrik FORWARD, June 8–11 in Las Vegas, to see how the world's leading organizations are building the kind of resilience that answers that question with confidence.

Register at forward.rubrik.com
