The cyber resilience of organizations within the digital space is critical and relies on three main pillars: gap visibility, security transformation and crisis simulation. Defining the cyber strategy starts with the inventory of the attack surface exposed to malicious actors, both external and internal, using comprehensive and realistic, benchmark-wise security assessments. Reducing cyber-attacks opportunities exposed on this surface, in full alignment with the business strategy and the budget limitations, should follow a holistic, but actionable approach trough a dedicated transformation program. The simulation of worst-case scenarios by the strategic management helps in anticipating and acting on the inherent impact of cyber crises, downgrading them by exercising to normal security incidents, with less reputational, operational and financial consequences.