Due to the hazardous current cyber environment, cyber resilience is more necessary than ever. Companies are exposed to an often-ignored risk of suffering a cyber incident. This places cyber incidents as one of the main risks for companies in the past few years. On the other hand, the literature meant to aid on the operationalization of cyber resilience is mostly focused on listing the policies required to operationalize it, but is often lacking on how to prioritize these actions and how to strategize their implementation. Therefore, the usage of the current literature in this state is not optimal for companies. Thus, this study proposes a progression model to help companies strategize and prioritize cyber resilience policies by proposing the natural evolution of the policies over time. To develop the model, this study used semi-structured interviews and an analysis of the data obtained from the interviews. Through this methodology, this study found the starting points for each cyber resilience policy and their natural progression over time. These results can help companies in their cyber resilience building process by giving them insights on how to strategize the implementation of the cyber resilience policies.