In today’s complex digital landscape, many organizations struggle to answer a fundamental question: Are we resilient? As Melissa Cohoe, Global Security, Risk and Resilience Strategist at NewRocket, points out, one of the most persistent challenges in cyber and operational risk management is a lack of visibility. “Many organizations simply don’t know what their biggest risks are,” she explains. “They’re working from outdated tools like spreadsheets and lack the real-time insight required to make confident decisions.”
According to Cohoe, the key to building resilience lies in shifting the focus away from tactical fixes—like asking for a “blue button”—and toward aligning technology initiatives with business outcomes. It’s not a question of whether a platform has a specific feature, she says, but rather what outcome you’re looking to achieve and which business problem you’re trying to solve. At NewRocket, this business-aligned approach combines deep practitioner expertise with a broad understanding of technology capabilities to deliver integrated, outcome-driven solutions.
A Structured Path to Cyber and Operational Resilience
To begin, Cohoe urges organizations to define a clear “North Star” for resilience and progress toward it in phases. Start by improving visibility into your risk posture to support better decisions, then take measurable actions to reduce exposure—closing issues faster, strengthening controls, and expanding coverage.
Resilient organizations focus first on protecting their most critical assets and integrating data across risk, compliance, and security functions for a unified view. NewRocket’s framework begins with identifying essential assets, assessing related risks, aligning policies with regulations, and ensuring ownership and accountability.
Recovery plans must be adaptable and impact-focused—not tied to specific incidents—and third-party risk must be governed just as rigorously. Most importantly, culture underpins everything: with human behavior driving 63% of breaches, resilience must be embedded as a shared responsibility across the organization.
Responsible AI Governance: A New Frontier
As generative AI moves to the forefront of enterprise innovation, many organizations find themselves unprepared to manage the risks it introduces. Cohoe notes that while regulatory frameworks like the EU AI Act and NIST AI RMF are emerging, much of the field remains undefined.
Her advice mirrors her guidance on cyber risk: define your North Star and begin with small, actionable steps. One effective starting point is assessing AI readiness across the organization—ensuring that teams understand the opportunities, risks, and governance mechanisms required to adopt AI responsibly.
Effective AI governance begins with clarity: identifying areas where AI can add value, understanding the risks of model bias, data misuse, or regulatory exposure, and then applying controls to safeguard these innovations. Organizations that implement AI governance realize outsized returns. Research suggests that effective governance can increase the business value of GenAI initiatives by as much as 50%, driven by higher adoption and more consistent alignment with strategic objectives.
Moreover, ethical implications—such as bias, privacy, and customer impact—must be embedded in the governance framework. Ensuring responsible AI development requires anonymized, consent-based data practices and transparent model oversight. These practices aren’t just regulatory requirements—they are essential to maintaining trust and long-term success.
The Strategic Imperative: Resilience, Insight, and Innovation
Cohoe’s message is clear: Business leaders must move beyond superficial solutions and address the deeper, systemic challenges of risk and resilience. By anchoring programs to business goals, integrating data and processes across functions, and embedding a culture of accountability, organizations can position themselves for long-term operational resilience.
And as AI becomes central to enterprise strategy, responsible governance is no longer optional—it is the foundation for sustainable, trustworthy innovation. Whether tackling cyber threats or embracing AI, technology leaders must define their direction, take measured steps, and create the conditions for confidence and control.
What This Means for ERP Insiders
Align risk management with business outcomes to build operational resilience. Instead of relying on fragmented tools and tactical fixes, organizations should define a clear “North Star” for resilience that aligns with strategic business priorities. Start by identifying critical assets, improving visibility into risk posture through integrated data, and then take iterative steps to reduce exposure. Measure success by improvements in decision-making, faster issue resolution, and stronger control performance.
Treat culture as a core enabler of resilience and security. Resilience is not just a technical challenge—it’s an organizational mindset. Invest in training and awareness that empowers employees to make secure choices and understand their role in managing risk. Build accountability into operations, especially around ownership of key systems and compliance obligations. A culture that values security and risk mitigation is essential to long-term resilience.
Establish a scalable AI governance framework before accelerating adoption. With the rise of generative AI, proactive governance is critical. Begin by assessing your organization’s AI readiness—understand where AI is being used, what risks are involved, and who is responsible. Define ethical and regulatory guardrails that enable innovation without compromising trust. Organizations that implement structured governance early can increase the value of GenAI initiatives by up to 50%, through safer, more widespread adoption.