Get to Know Cyber Resilience

Learning Objectives

After completing this unit, you’ll be able to:

Discuss the importance of cyber resilience.
Assess your organization’s cyber resilience.
Identify the characteristics of cyber-resilient organizations.

This module was produced in collaboration with the World Economic Forum. Learn more about our partner content on Trailhead.

What Is Cyber Resilience?

“We…need to understand not just cyber resilience but the imperative of operational resilience and the importance of societal resilience.” –Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)

To truly understand the significance and urgency of cyber resilience, consider its parallels to human resilience and how our ability to quickly recover impacts our capacity to grow and thrive. Human resilience is our ability to mentally and emotionally cope with a crisis and move forward.

Our capacity to be resilient relies on several factors, including:

Adaptability: Changing and evolving in the face of challenges.
Optimism: Having a positive outlook despite negative circumstances.
Problem-solving: Facing challenges head-on and finding ways to overcome them.
Support systems: Leaning on and seeking support from friends, family, and community.
Persistence: Continuing to push forward even when faced with obstacles.

Cyber resilience refers to an entity’s ability to continuously deliver the intended outcome despite adverse cyber events. It combines elements of cybersecurity and business continuity to ensure an organization can protect against cyber threats, respond to incidents, recover from them, and evolve to increase its protective capabilities.

Cyber resilient businesses display several characteristics, including:

Adaptability: Ensuring the ability of systems and operations to adjust to new threats and challenges.
Incident response: Rapidly addressing and managing any security breach or attack.
Continuous learning: Updating systems, policies, and procedures based on lessons learned from incidents directly or indirectly.
Collaboration: Engaging with partners, vendors, and industry groups to share knowledge and best practices and ensure compliance.
Strategic alignment: Integrating cyber resilience objectives into the overall business strategy.

One common theme between human and cyber resilience is adaptability. Adaptability is important because it enables responsiveness even in the face of uncertainty and changing circumstances. In addition, both human and cyber resilience emphasize support and collaboration. Support and collaboration is important because they draw on the collective intelligence, resources, and skills of a group, extending the ability to appropriately respond and quickly recover.

During a crisis, like a major cyber event, human resilience and cyber resilience converge. In fact, the success of a resilient response to a cyber event often depends on how well human and cyber resilience are integrated. Human resilience helps leaders and responders make critical decisions while maintaining order, managing multiple stakeholders and implementing solutions to minimize impact.

Meanwhile, cyber resilience increases the likelihood that the organization’s systems and processes can quickly recover from the cyber event while maintaining critical operations. Both work together to minimize damage, restore normalcy, and then learn from the experience to strengthen future resilience.

Two people standing in front of a broken shield. They are putting the shield back together. The shield is a metaphor for cyber resilience.

Is Your Business Cyber Resilient?

“We need to move towards cyber resilience…how quickly we adapt is important.” —Akshay Joshi, Head of Industry and Partnership, Centre for Cybersecurity, World Economic Forum

Whether you’re running a small home business, working in an organization, steering a startup, or leading a Fortune 500, it’s important to be able to determine how your current state of cyber resilience influences daily operations, business strategy, and business continuity. The questions below are based on the six principles of the World Economic Forum (WEF) Cyber Resilience Framework (CRF), which we will discuss in detail in the next unit. Answer the questions to obtain a snapshot of your current state of cyber resilience.

Regularly assess and prioritize cyber risk.
- How frequently does your organization conduct a comprehensive cyber risk assessment?
  - Options: Monthly, Quarterly, Semi-annually, Annually, Rarely, Never
Establish and maintain core security fundamentals.
- Does your organization have consistent standard security protocols in place, like regular software updates, password policies, and multi-factor authentication?
  - Options: Yes, Partially, No
Incorporate cyber-resilience governance into business strategy.
- Is there a dedicated cyber resilience committee or team that collaborates with business units to align cybersecurity goals with overall business objectives?
  - Options: Yes, In progress, No
Encourage systemic resilience and collaboration.
- How often does your organization actively engage with external partners, vendors, or cybersecurity forums to share and gather insights on current threats and best practices?
  - Options: Always, Often, Occasionally, Rarely, Never
Ensure design supports cyber resilience.
- Does your organization have a feedback mechanism in place to continuously refine and optimize its cyber resilience strategies and practices?
  - Options: Yes, Partially, No
Cultivate a culture of resilience.
- Does your organizational culture promote open communication, allowing team members to report potential cyber threats or suggest improvements without any repercussions?
  - Options: Yes, Partially, No

Here’s a simple guide to help you interpret your responses.

Principle	Guidance
Regularly assess and prioritize cyber risk	Monthly/Quarterly: You’re proactive in identifying potential cyber risks. Be sure to act on assessments. Semi-annually/Annually: Consider increasing regularity based on complexity. Rarely/Never: Immediate action needed to establish regular assessments.
Establish and maintain core security fundamentals	Yes: You’re on the right track. Continue monitoring. Partially: Address gaps. Review and implement missing security controls. No: Immediate action needed. Begin with fundamental security practices.
Incorporate cyber-resilience governance into business strategy	Yes: Great! Regularly revisit strategies to ensure alignment. No/In progress: Develop a dedicated team and integrate strategies with business objectives
Encourage systemic resilience and collaboration	Always/Often: You have strong external collaboration. Maintain these connections and seek new partnerships. Occasionally/Rarely/Never: Increase engagement.
Ensure design supports cyber resilience	Yes: Your systems are robust. Continue to adapt. Partially: Create a plan to increase flexibility. No: Consult with IT to redesign for resilience.
Cultivate a culture of resilience	Yes: A resilient culture is in place. Reinforce and reward resilience. Partially/No: Organizational change may be needed. Begin with training and awareness.

This questionnaire provides a snapshot of your current cyber resilience posture. It’s a starting point to understand the alignment between cybersecurity resilience and your overall business goals. However, the real value comes from implementing a cyber resilience program that enables comprehensive assessment, appropriate action on insights, continuous strategy refinement, and ongoing learning.

Now, let’s review the characteristics of organizations who have made the effort to develop comprehensive cyber-resilient programs.

Characteristics of Cyber-Resilient Organizations

“Companies must now embrace cyber resilience—not only defending against cyberattacks but also preparing for swift and timely incident response and recovery when an attack does occur.” —Jeremy Jurgens, Managing Director, World Economic Forum

While they are both essential, there is a difference between a cybersecurity program and a cyber resilience program. A cybersecurity program focuses on protecting against cyber threats through defense, detection, and compliance, aiming to prevent unauthorized access and breaches. A cyber resilience program encompasses all aspects of cybersecurity but adds preparation, response, and recovery from incidents. It emphasizes adaptability and alignment with business goals to ensure the business can continue to function even when under attack.

Organizations that can anticipate, withstand, recover from, and adapt to disruptive cyber events demonstrate strong cyber resilience. Here are three examples of cyber-resilient organizations.

A Large Technology Company

This company regularly deals with cybersecurity threats due to its popular software. When the WannaCry ransomware attack was exploiting a vulnerability in the company’s software, they quickly identified the attack, rapidly released patches to help contain the spread, collaborated with other companies and governments to coordinate a response and improved their approach to software updates and cybersecurity.

These actions contained the spread of the ransomware and improved an existing patching process within the organization.

A Global Financial Services Firm

During a significant breach that exposed the data of millions of its customers and partners, this company took significant measures to maintain operations, quickly address the breach, and enhance its cybersecurity infrastructure. Upon discovering the breach they acted swiftly to collaborate with law enforcement to investigate the scope and source of the attack.

While managing the breach they kept customers informed about the breach and the steps taken to address it. After the breach, they doubled their cybersecurity budget and implemented advanced threat intelligence and better end-point security.

These measures demonstrated a multifaceted approach to cyber resilience that included defense, response, recovery, communication, collaboration, and ongoing learning and adaptation.

An International Container Shipping Company

This company was among many affected by malware that infiltrated through the supply chain, resulting in significant disruption. The company quickly shut down infected networks to prevent the spread, then reinstalled 4,000 servers, 45,000 PCs, and 2,500 applications in just 10 days—a task that would usually take 6 months. Despite the massive disruption, the company continued its operations while continuously updating customers and partners. Subsequently, the company substantially increased its focus on cybersecurity, ensuring that a similar breach in the future would have a much lower impact.

This company’s actions combined immediate response, ongoing communication, rapid recovery and a forward-thinking approach to enhance cybersecurity measures.

It’s essential to understand that no organization is immune to cyberthreats or cyberattacks. However, the ability to effectively respond to, recover from, and learn from cyber incidents is what differentiates a cyber-resilient organization from others. In addition to enhanced recovery after a cyber incident, a robust cyber resilience program has other organization-wide benefits, including the following.

Benefit	Description
Reduced financial losses	By avoiding or minimizing cyber incidents, the program can save significant costs in terms of recovery, legal expenses, and lost business.
Strategic alignment	Integrating the program with business strategies ensures that security is an asset, not a roadblock, to achieving business goals.
Innovation enabler	With a cyber resilience program, organizations can be more confident in adopting new mission critical technologies, knowing they have the organizational resilience to manage associated risks.
Supply chain risk management	An effective program extends to third-party vendors and suppliers and helps manage and mitigate risks associated with external collaborations.
Compliance with regulations	An effective cyber resilience program can help businesses to comply with regulatory requirements and avoid fines or penalties.
Enhanced brand reputation	An effective cyber resilience program can help to protect a business’s reputation by demonstrating that it is taking cybersecurity seriously and is prepared to respond to attacks.

Overall, organizations with comprehensive cyber resilience programs not only enhance recovery but add value across multiple dimensions of the organization.

Knowledge Check

Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the scenario in the left column to the best matching cyber resilience aspect on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.

Great job! Now that we’ve reviewed information about how human and cyber resilience converge and we’ve seen examples of companies that have prioritized cyber resilience, let’s explore the steps in creating a cyber resilience program.