Cyber Resilience: Lessons Learned or More of the Same?
“Lessons must be learned”, said the UK Home Secretary in the aftermath of WannaCry. But will those lessons focus on ‘cyber security’ or will you take a holistic approach to assess, review and validate your cyber resilience capability?
The Cyber Challenge
Most organisations conduct their operations on digital platforms. Like all threats, hazards or vulnerabilities, cyber risk can be managed. In this digital age, cyber resilient organisations balance and manage their cyber risk, whilst maximising the opportunities presented by data processing, storage and transmission. But, just as Darwin saw that survival was based on the response to change, so must we evolve our approach to ‘cyber security.’
If you’re serious about your business, you’ll have response plans in place. But are they integrated? Have you rehearsed them – together – not in isolation? Are your staff skilled in detecting when your cyber defences may be breached? Do you know how and when to escalate and invoke other response plans? How will a cyber-disruption impact on your business continuity? How will you make decisions and communicate? What about protecting your reputation (and your share price)?
The integration of cyber risk, cyber security, incident management, crisis management, business continuity and recovery planning (to name just a few) is the best way to better (cyber) resilience. Seasoned people, plans and processes are fundamental to building this capability, and this seasoning is developed through training, exercises and a relentless attention to ongoing improvement and integration.
So will lessons really be learned, or will it be more of the same?