What is cyber resilience?
Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks.
It helps an organisation protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.
Cyber resilience has emerged over the past few years because traditional cyber security measures are no longer enough to protect organisations from the spate of persistent attacks.
The four elements of cyber resilience
The IT Governance Cyber Resilience Framework recommends a four-part approach to cyber resilience:
1. Manage and protect
The first element of a cyber resilience programme involves being able to identify, assess and manage the risks associated with network and information systems, including those across the supply chain.
It also requires the protection of information and systems from cyber attacks, system failures, and unauthorised access.
This stage should cover:
- Malware protection
- Information and security policies
- Formal information security management programme
- Identity and access control
- Competent security teams that receive regular training
- Security staff awareness training
- Encryption
- Physical and environmental security
- Patch management
- Network and communications security
- Systems security
- Asset management
- Supply chain risk management
2. Identify and detect
The second element of a cyber resilience programme depends on continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause any significant damage.
This stage should cover:
- Security monitoring
- Active detection
3. Respond and recover
Implementing an incident response management programme and measures to ensure business continuity will help you continue to operate even if you have been hit by a cyber attack, and get back to business as usual as quickly and efficiently as possible.
This stage should cover:
- Incident response management
- ICT continuity management
- Business continuity management
- Information sharing and collaboration
4. Govern and assure
The final element is to ensure that your programme is overseen from the top of the organisation and built into business as usual. Over time, it should align more and more closely with your wider business objectives.
This stage should cover:
- Comprehensive risk management programme
- Continual improvement process
- Governance structure and processes
- Board-level commitment and involvement
- Internal audit
- External certification/validation
Free green paper: Cyber Resilience - cyber security and business resilience
Cyber attacks are increasing in frequency and severity to such an extent that it’s no longer enough to suppose that you can defend against every potential attack.
Organisations need to combine cyber security with business resilience to be cyber resilient. Find out more with our free green paper Cyber Resilience - cyber security and business resilience.
The benefits of cyber resilience
A cyber-resilient posture helps you to:
- Reduce financial losses;
- Meet legal and regulatory requirements: new regulations such as the NIS (Network and Information Systems) Regulations and the GDPR (General Data Protection Regulation) call for improved incident response management and, in some cases, business continuity management;
- Improve your culture and internal processes; and
- Protect your brand and reputation.