A simple update. That’s all it took.
Michelle was locked out of every system — email, HR portal, even the virtual meeting rooms. While her phone buzzed as colleagues called in a panic, the same thing was happening across departments. Admins couldn’t access the cloud console. Engineers were denied login to critical infrastructure. Even customer accounts were mysteriously suspended.
The culprit? A coordinated identity attack that compromised the company’s single sign-on provider. No systems were down, but no one could get in. The business was operationally paralyzed.
This is the new reality: cyberattacks no longer just disrupt systems — they displace identities. And when that happens, business continuity, as we know it, crumbles – impacting the bottom line and customer trust.
In this blog, I’m teaming up with the security and AI company, Rubrik, to explore this critical shift. Together, we’ll unpack why identity has become the new battlefield and what cybersecurity leaders must do to rethink business continuity in this evolving threat landscape.
The New Danger Zone for Cybersecurity Leaders
For years, cybersecurity leaders have concentrated on protecting endpoints, networks, and data stores. But identity — both human and non-human, the very fabric that grants access, delegates roles, and verifies trust — has become the primary attack vector. Yet, in most continuity and disaster recovery plans, identity remains an afterthought.
In modern enterprises, when attackers compromise identity infrastructure — whether that’s your identity provider, directory service, or federated trust model — they don’t just steal credentials. They assume control. They lock out employees, reroute privileged access, disrupt automated workflows, and even impersonate your executives.
The consequences are immediate and existential:
- Administrators are locked out of cloud platforms during a ransomware incident.
- DevOps pipelines fail because service identities are revoked or modified.
- Customers can’t authenticate, losing access to financial, healthcare, or communication services.
- Executives are impersonated in real-time as attackers hijack email and messaging tools.
In short, without identity, the business ceases to function. Yet, many organizations still view identity security as a technical issue, isolated to IT or the CISO’s domain.
That thinking needs to change — now.
Case Study Spotlight: The Cost of Ignoring Identity Continuity
Take the SolarWinds breach as an example – a cyberattack that cost the company at least US$40 million in the first nine months after public disclosure, and its attack victims 11% of their annual revenue. Attackers didn’t just compromise software updates; they manipulated identity access mechanisms to camouflage their activities in enterprise environments. It wasn’t just the breach itself but the manipulation of identities that amplified organizational chaos, delayed detection, and disrupted recovery efforts. Not to mention the recent Scattered Spider/Lapsus$ Hunters attacks rolling through the aviation, insurance, and retail sectors, leveraging compromised identity providers.
Now consider a hypothetical but plausible scenario: A global financial services firm suffers a targeted cyberattack. While their perimeter defences detect the breach within hours, the attackers manage to corrupt the firm’s centralized identity infrastructure. With no resilient backup for identity services, the company is forced to lock down internal systems to prevent further spread — effectively shutting down operations across global trading desks and customer platforms.
Recovery takes nearly two weeks. In that time, regulatory investigations are launched, millions in transactions are delayed or lost, and public trust is shaken. The regulatory penalties and reputational damage compound the financial loss.
Contrast that with a real anonymized case—a global healthcare provider that had invested in orchestrated identity recovery. When hit by a ransomware attack, their ability to recover their identity environment from an immutable backup allowed emergency teams to contain the threat and restore access to critical systems. Clinical operations resumed within hours, patient data remained secure, and business continuity was preserved.
The lesson is clear. Organizations can’t afford to treat identity systems as a single point of failure. Planning for identity compromise isn’t optional — it’s essential to ensuring operational resilience and minimizing downstream damage.
The Hidden Cost of Ignoring Identity Continuity: People Pay the Price
When identity fails, it’s not just systems and profits at risk—it’s people. Take the cyberattack on Jaguar Land Rover (JLR) in September. The disruption has already cost the company an estimated £120m in profits and £1.7bn in lost revenue. While JLR may be large enough to survive, its supply chain is far more vulnerable. Smaller firms face existential threats, with some unable to pay staff, production lines halted, jobs hanging in the balance and some businesses at risk of closure.
The fallout from a breach doesn’t stop at financial statements—it cascades into livelihoods and mental health. Inside security operations centres, cyber teams often work around the clock. In some cases, they don’t return home for days. The toll is immense.
Rubrik Zero Labs’ recent research highlights this human cost: 96% of IT and Security leaders report significant emotional or psychological impact from breaches, from worries about job security to loss of trust from colleagues. Burnout is accelerating in an industry already grappling with a high-demand, low-density talent pool. We cannot afford to ignore the human element of these attacks.
The Blind Spot in Business Continuity
But here’s the uncomfortable truth. Most disaster recovery (DR) and business continuity (BC) plans do not account for identity failure. They cover data backups, redundant infrastructure, and communication trees. But few ask: What happens when no one can log in to trigger the response plan?
Traditional BC/DR assumes that:
- Employees can log in during a crisis.
- Administrators have access to recovery tools.
- Leadership can use communication platforms without barriers.
But in an identity-centric breach, these assumptions collapse. Recovery becomes impossible because the very keys to recovery — the people, the privileges, the platforms — are inaccessible or compromised.
This is where cyber risk becomes business risk. And it’s why identity can no longer live solely under IT or security. It must be a board-level resilience issue.
For CEOs and boards, this represents not just an operational risk but a financial one. An average ransomware attack now costs millions in recovery, fines, and lost business. A failure to invest in identity resilience can lead to even steeper costs if an organization cannot recover swiftly. Identity, in this new digital age, is a core component of enterprise risk management and should demand attention at the highest levels.
The Convergence Imperative: CISOs, COOs & Risk Leaders
In today’s threat landscape, identity security is no longer just a CISO’s responsibility—it’s a Tier 0 service and a top priority for COOs, risk management leaders, and the entire executive team. Without secure and resilient identity systems, there is no “Minimum Viable Business.” As regulatory scrutiny increases, executives are being held accountable for cybersecurity failures, facing not only reputational damage but also potential legal consequences. Operational resilience now depends on treating identity as the foundation of business continuity, requiring seamless coordination between security, infrastructure, and business continuity teams.
Here’s what that alignment should look like:
- CISOs lead the charge by modelling identity threats, hardening authentication pathways, and establishing robust identity failovers.
- COOs ensure continuity planning accounts for identity disruption scenarios — from staff access issues to customer lockouts — to keep operations running.
- Risk leaders integrate identity compromise into enterprise risk assessments, quantifying the business impact and ensuring the board is fully informed.
By working together, these leaders can build an identity continuity strategy that not only strengthens cyber and operational resilience but also protects the organization — and themselves — from the growing legal and regulatory risks tied to cybersecurity failures.
To engage executives effectively:
- Use quantified risks to appeal to business-minded stakeholders. For example, highlight the financial losses from operational downtime compared to the cost savings of proactive investments in identity redundancy.
- Frame identity resilience as foundational to customer trust—an essential asset for long-term revenue growth.
- Provide concrete scenarios illustrating what could happen without redundancy. Words like “paralysis” and “downtime” resonate when tied to financial outcomes.
The Role of Emerging Technologies in Identity Continuity
New advancements are game-changers for reducing identity risks. AI now monitors and flags suspicious behaviour at scale, enabling organizations to pre-empt compromises before they escalate into crises. Zero Trust architectures continuously verify every user, device, and application, shrinking the blast radius of potential attacks. Least privilege and Just-in-Time access ensure users only have the access they need, when they need it, minimizing exposure to sensitive systems. Passwordless authentication eliminates one of the weakest security links, while biometric and hardware-based credentials provide an additional layer of protection against breaches. Together, these innovations create a more resilient identity security framework.
CEOs and boards should view these technologies not just as security upgrades but as enablers of operational resilience. Investments like these can translate into measurable gains, from faster recoveries to improved customer loyalty.
Final Thoughts: From Control to Continuity
Cyber attackers are no longer just targeting your systems—they’re targeting who and what you are in the digital world. Identity has become the control plane of the enterprise, and when it’s breached, business continuity turns into a race against time. The rise of AI and Agentic AI is driving the proliferation of non-human identities, from algorithms to autonomous agents, exponentially increasing the complexity and scale of the challenge. Protecting both human and machine identities is now critical to safeguarding the enterprise.
As security leaders, we must shift our mindset. Identity is not just a security problem — it’s a resilience imperative. And the organizations that thrive in this environment will be the ones that plan for identity compromise not as an edge case, but as a core continuity scenario.
Now I Want You To Do This
It’s time to ask yourself — if your identity infrastructure vanished tomorrow, could your business still function?
If you’re unsure, it’s time to take action.
Sign up for this webinar, where Filip Verloy (Rubrik’s CTO) and I explore step-by-step strategies for building identity continuity into your organization’s resilience framework. This is your chance to learn from industry experts and take the first step toward securing your business for the future.
Don’t leave your organization vulnerable. Register now for the webinar and safeguard your enterprise from the next identity-based attack.
Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this thought leadership blog for Rubrik. Because your success is important to me, I only align myself with brands I believe in, and Rubrik is one of them.