Develop Your Cyber Resilience Plan

A four-part framework can help you create an effective cyber resilience plan to minimize damage and sustain operations through a cyberattack.

Reading Time: 11 min 

Topics

Digital Resilience

Today, leaders across all business units must be able to answer a critical question: How secure are we? This series examines how managers can build digital resilience to compete in the new digital economy, where companies need to protect against not only cyberattacks but also technical debt and digital weak points within their infrastructure and teams.
More in this series

Imagine rushing through a crowded airport with your locked suitcase. Before you can get to your closing gate, someone steps in front of you, blocking your way. Your belongings are safe in your suitcase, but you can’t proceed with your travel plans. In this analogy, your suitcase functions like cybersecurity — protecting against the attacks you can anticipate. However, because you’re lacking cyber resilience — the ability to withstand unanticipated disruption — your travel plans are foiled nevertheless.

Cybersecurity and cyber resilience are distinct concerns, and understanding the difference is key to preparing an effective response to cyberthreats. The misconception that a cybersecurity program can substitute for cyber resilience is potentially disastrous. While cybersecurity focuses on keeping attackers out, cyber resilience aims instead to minimize the mayhem caused by attackers who do manage to penetrate networks.

As cyberthreats evolve, cybersecurity ratings are poised to become as important a factor as credit ratings, making failure to implement a professional cyber resilience program more than a reputational risk. A thoughtfully designed cyber resilience program will become not only a competitive advantage but a requirement for sustained growth.

The four-phase cyber resilience framework described here — preparation, detection, response, and recovery — can enhance an organization’s capacity to sustain operations through a cyberattack while minimizing both disruption and reputational harm. Stakeholders involved in developing such a plan may include C-level executives such as the CIO and chief information security officer (CISO), along with the security operations center and the incident response team. This article explores each of the four phases and provides examples of the types of challenges companies encounter, as well as opportunities for becoming more cyber resilient.

Phase 1: Preparation

Effective preparation is a collaborative effort of the greatest importance: the quality of this phase directly determines the effectiveness of the resilience plan as a whole. It requires the most organizational support in terms of resources and budget and entails collaboration across the organization. Working together, senior leadership, information security experts, and business continuity managers can prepare a comprehensive plan to sustain critical capabilities and operations through a cyberattack. Necessary preparation steps include the following:

Develop cyber governance policies. Begin by defining the organization’s risk tolerance — that is, what you are willing to lose access to for the sake of sustaining operations.

