Cyber resiliency of application data is provided. An air gapped network is established for storing a point-in-time copy of application data corresponding to a
workload running on a production infrastructure to decrease continuous network
exposure of the point-in-time copy on a secondary infrastructure. A set of point-in-time copies is selected for testing the application data corresponding to the
workload for validation on the secondary infrastructure. The set of point-in-time copies are validated on a periodic basis by applying cyberattack forensics, deep scanning,
malware detection, and application level validation tests. An appropriate point-in-time copy is identified in the set of point-in-time copies to recover the application data corresponding to the
workload. The application data corresponding to the workload are recovered to provide the cyber resiliency of the application data during cyberattack using the appropriate point-in-time copy.