‘Cyber resilience’ seems to be something of a buzz phrase right now, with social media and vendor promotional material often mentioning the importance of resilience.
Many conversations about resilience focus on the importance of strong, robust defences. However, are robust and strong defences really signs of resilience?
Oxford University Press defines resilience primarily as “The capacity to recover quickly from difficulties; toughness” and secondly as “The ability of a substance or object to spring back into shape; elasticity.”
To understand resilience, it’s useful to look at the qualities of a resilient person. A person considered to be resilient would probably exhibit some, or all, of these qualities:
Almost all the qualities of a resilient person map directly to the qualities of a resilient organisation, including cyber. If I were to re-write the list above from an organisational viewpoint, it would look something like:
The challenge here is to understand that resilience is not purely about the brute strength required to withstand anything thrown at the organisation, nor purely about technology or restrictive practices. As much as anything, resilience is about confidence, flexibility and organisational honesty. Apply this pragmatic approach to your cyber security programme, and you’ll be well on the way to being ‘resilient’ in the true sense of the word.
Stay tuned as we share more on how to make your organisation cyber resilient.
About the author
Principal Consultant, CRMG
Former Cyber Security Policy Manager, Bank of England
Industry of Expertise: Banking, Healthcare
Areas of Specialism: Cyber Security Governance & Policy Management