Imagine rushing through a crowded airport with your locked suitcase. Before you can reach your gate before it closes, someone steps in front of you, blocking your way. Your belongings are safe in your suitcase, but you can’t proceed with your travel plans. In this analogy, your suitcase functions like cybersecurity — protecting against the attacks you can anticipate. However, because you’re lacking cyber resilience — the ability to withstand unanticipated disruption — your travel plans are foiled nevertheless.
Cybersecurity and cyber resilience are distinct concerns, and understanding the difference is key to preparing an effective response to cyberthreats. The misconception that a cybersecurity program can substitute for cyber resilience is potentially disastrous. While cybersecurity focuses on keeping attackers out, cyber resilience aims instead to minimize the mayhem caused by attackers who do manage to penetrate networks.
As cyberthreats evolve, cybersecurity ratings are poised to become as important a factor as credit ratings, making failure to implement a professional cyber resilience program more than a reputational risk. A thoughtfully designed cyber resilience program will become not only a competitive advantage but a requirement for sustained growth.
The four-phase cyber resilience framework described here — preparation, detection, response, and recovery — can enhance an organization’s capacity to sustain operations through a cyberattack while minimizing both disruption and reputational harm. Stakeholders involved in developing such a plan may include C-level executives such as the CIO and chief information security officer (CISO), along with the security operations center and the incident response team. This article explores each of the four phases and provides examples of the types of challenges companies encounter, as well as opportunities for becoming more cyber resilient.
Phase 1: Preparation
Effective preparation is a collaborative effort of the greatest importance: the effectiveness of the resilience plan as a whole is directly proportional to the effort invested in this phase. This first phase requires the most organizational support in terms of resources and budget and entails collaboration across the organization. Working together, senior leadership, information security experts, and business continuity managers can prepare a comprehensive plan to sustain critical capabilities and operations through a cyberattack. Necessary preparation steps include the following:
Develop cyber governance policies. Begin by defining the organization’s risk tolerance — that is, what you are willing to lose access to for the sake of sustaining operations.