A resilient cyber security programme is all about deterring and resisting attacks and to detect and recover, returning to normal operation with minimal downtime.
A maturity model helps an organisation assess its effectiveness at achieving a particular goal, in particular they can pinpoint where practices are lacking.