Cyber resistance clearly requires leadership and operational intervention from specialised cyber professionals. However, Cyber Resilience requires a broader institutional response that encompasses all aspects of the business. As such, it needs to be owned by the entire executive management of an organisation.
“The Department encourages all institutions to view cyber security as an integral aspect of their overall risk management strategy, rather than solely as a subset of information technology.” Benjamin Lawsky, Superintendent of Financial Services, New York State Department of Financial Services, December 2014
Going forward, the need for Cyber Resilience will require CISOs to work with their colleagues across the organisation and the extended enterprise to help everyone involved understand their roles in achieving and maintaining Cyber Resilience. Amongst other things, the CISO will need to help top management and senior executives to embed Cyber Resilience objectives and plans within the organisation’s overall corporate and business unit strategies and operating models. This will present a new set of challenges – from understanding a broad range of non-technical issues, to developing and communicating proposals for broad operational and organisational change. It will also create opportunities to build support for investment and organisational change that will transform companies’ cyber resistance and resilience postures.
“Cyber is not a minority sport for technologists only” Andrew Gracie, Executive Director of Resolution of Bank of England, January 2015