TL;DR: Modern cyber resilience depends as much on communication, coordination, and pre-built trust as on detection and recovery technology, according to Commvault’s discussion with Blue Yonder leaders. The practical lesson is that response quality is now judged in real time, and silence or weak internal alignment can damage confidence faster than the incident itself.
NHIMG editorial — based on content published by Commvault discussing cyber resilience, trust, and incident communication
Questions worth separating out
Q: How should security teams build trust into cyber resilience planning?
A: Security teams should treat trust as an operating model, not a message to send after something goes wrong.
Q: Why do tabletop exercises matter beyond compliance?
A: Tabletop exercises matter because they reveal whether response roles, privileged access, and communication paths actually work together under stress.
Q: When does incident response become a trust problem?
A: Incident response becomes a trust problem as soon as stakeholders judge the organisation by how it communicates and coordinates, not only by whether systems recover.
Practitioner guidance
- Map incident authority and privileged access paths Document who can approve, enact, and verify emergency access during a cyber event, including communications and legal stakeholders.
- Run tabletops that test access and messaging together Use exercises to validate whether technical responders, executives, and communicators can coordinate under pressure with the correct access rights and decision authority.
- Build third-party response expectations into supplier assurance Require suppliers to show how they will communicate, escalate, and coordinate when an incident affects shared operations.
What's in the full article
Commvault's full discussion covers the operational detail this post intentionally leaves for the source:
- How Blue Yonder structures trust as an operating model across security, leadership, and communications.
- How the first 60 minutes of response shape customer confidence during a live incident.
- How tabletop exercises are used to rehearse escalation, coordination, and decision-making under pressure.
- How supply chain environments change the stakes of resilience when disruption can ripple across many organisations.
👉 Read Commvault's discussion on operational trust and cyber resilience →
Cyber resilience and operational trust: what should teams change?
Explore further
Operational trust is a governance outcome, not a communications afterthought. The article shows that resilience breaks down when security, communications, and leadership operate as separate functions instead of a coordinated response model. That separation creates avoidable delays in escalation, messaging, and decision ownership. Practitioners should treat trust as a measurable operating condition across IAM, PAM, and incident governance.
A few things that frame the scale:
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging (37%) and over-privileged accounts (37%), according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable for operational trust during a cyber incident?
A: Accountability sits with the leaders who own security, communications, operations, and recovery decisions, but it only works if their roles are defined before an incident starts. Shared accountability without clear authority usually produces delay. The practical test is whether each function knows what it can approve, say, and change.
👉 Read our full editorial: Operational trust is now central to cyber resilience programmes