Cyber resilience is the ability of an organization to operate in the face of a cyber attack or other cyber incident.
It involves having the necessary technical and organizational measures in place to detect, respond to and recover from such incidents, as well as the ability to adapt and learn from them to improve future resilience.
“Cyber resilience is what takes over when security prevention measures falter,” says Andreas Wolf, who leads the group of experts responsible for ISO/IEC IT security standards.
“In the digital economy, the ability to transcend cyber disruption distinguishes market champions. Organizations that turn vulnerability into strength will have the confidence to take healthy risks.”
To protect their critical data assets from digital threats and vulnerabilities, organizations need to adopt a cyber-resilient mindset. Cyber resilience must be integral not only to technical systems but also to teams, the organizational culture and daily operations. Business leaders today are also far more aware of cyber threats than they were a year earlier.
Resilience doesn’t just refer to an organization’s internal workings; it must apply across all third-party partnerships and throughout the supply chain.
The Cyber Resilience Index (CRI) provides public- and private-sector cyber leaders with a common framework of best practice for true cyber resilience, a mechanism to measure organizational performance, and clear language to communicate value.
Among the CRI’s principles, and the practices and sub-practices that follow from them, a marker of healthy organizational cyber resilience is the use of recognized security frameworks and industry standards such as ISO/IEC 27001.
Being transparent about internal practices and sharing information with competitors and policymakers can make organizations feel vulnerable. But it is this vulnerability that will lead to true collaboration and progress.
We can’t afford to compromise on cyber resilience in the digital era. There is a business case for it, too. Organizations that adopt cyber resilience through confident vulnerability quickly emerge as leaders in their industry and set the standard for their ecosystem.
ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems — Requirements, specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
Resource Person: BARBARA PIROLA