The Internet of Things is interconnected in nearly every aspect of modern society. Computers run the government, banks, public utilities, and even household appliances, such as refrigerators. Ideally, the owners of these devices would prefer to keep cyber attackers from infiltrating their devices, protecting sensitive data, and avoiding costly network device disruptions. However, cyberattack prevention is not always possible due to several reasons, including a lack of funding for technical support and inadequate cybersecurity awareness. This implies that organizations must consider the system's resilience, or its ability to recover from catastrophic loss, instead of focusing entirely on cyberattack deterrence. This dissertation employs probabilistic risk analysis (PRA) and leverages simulation to address the problem of cyber resilience in two phases. The first phase simulates cyber attacks against the network to determine the cost of the cyber attack from a financial, productivity, and reputational perspective. The second phase examines the application of various cybersecurity controls within the organization's economic constraints to mitigate the expected disutility of a cyberattack. The result is a recommended set of cybersecurity controls for an organization to implement, tailored to its network structure and financial resources.