Cyber resilience is becoming a strategic business question, requiring CISOs to assume business responsibility and integrate regulatory requirements into governance processes.