Cyber resistance clearly requires leadership and operational intervention from specialised cyber professionals. However, Cyber Resilience requires a broader institutional response that encompasses all aspects of the business. As such, it needs to be owned by the entire executive management of an organisation. “The Department encourages all institutions to view cyber…
Tag: management
Cyber Resilience: Part Four Companies’ Plans Must Include Both Resistance and Resilience
Resistance to cyber attack is undoubtedly valuable and can produce effective outcomes. However, resistance is expensive and there is a law of diminishing returns on the investments made in resistance. Moreover, because the preparations and mitigations employed in resisting attacks are often specific to particular, point-in-time threats, ongoing resistance is…
Cyber Resilience: Part Three What is Cyber Resilience?
Cyber Resilience is an organisation’s preparation for business disruption caused by cyber attacks; its ability to recover from these disruptions; and its systemic capability to adapt and grow from each attack it experiences. Cyber resilience requires that, while organisations strive to prevent incidents, they also understand their internal operating environments…
Cyber Resilience: Part Two Resistance
Cybersecurity has traditionally and overwhelmingly focused on resistance to cyber attack: development and deployment of cyber controls that limit the extent and mitigate the impact of attacks, with the core assumption being that the organisation will be able to prevent most attacks, and at worst, continue to function near-normally during an incident and…
A Rising Tide of Cyber Regulation?
I don’t envy regulators their task of ensuring the firms they supervise are managing their cyber risk well. The increasing dependence of firms and whole sectors on information technology (IT) and operational technology (OT) was always a creeping concern but has accelerated dramatically as a result of the ‘digital’ movement…