Cybercrime is on the rise. With the ongoing digitization of our society, it is expected that, sooner or later, all organizations have to deal with cyberattacks; hence organizations need to be more cyber resilient. This paper presents a novel framework of cyber resilience, integrating models from resilience engineering and human behavior. Based on a pilot study with nearly 60 small and medium-sized enterprises (SMEs) in the Netherlands, this paper shows that the proposed framework holds the promise for better development of human aspects of cyber resilience within organizations. The framework provides organizations with diagnostic capability into how to better prepare for emerging cyber threats, while assuring the viability of human aspects of cyber security critical to their business continuity. Moreover, knowing the sources of behavior that predict cyber resiliency may help in the development of successful behavioral intervention programs. © Springer Nature Switzerland AG 2020.