Cybersecurity

5 ways to achieve effective cyber resilience

A padlock is seen in front of a screen.

Cyber resilience can impact service delivery, stakeholder confidence and market position. Image: REUTERS/Dado Ruvic

Filipe Beato
Lead, Centre for Cybersecurity, World Economic Forum
Jamie Saunders
Oxford Martin Fellow, University of Oxford
This article is part of: Centre for Cybersecurity
  • To thrive in the digital age, organizations must prioritize cyber resilience as a strategic leadership issue.
  • Cyber resilience is not the same thing as cybersecurity; however, cybersecurity is essential to achieving cyber resilience. Cyber resilience is an organization’s ability to minimize the impact of significant cyber incidents on its primary goals and objectives.
  • A new report from the World Economic Forum in collaboration with the University of Oxford outlines approaches for organizations to boost their cyber resilience.

As economies worldwide adopt more digital technologies, ensuring protections against malicious cyberattacks, failures and outages continues to be a critical concern. And the challenge is a dynamic one – emerging technologies and increasing connectivity create a complex and moving backdrop.

Today, many organizations’ primary goals and purposes are supported by technology-enabled business processes with no analogue alternative. This means that cyber resilience – an organization’s ability to minimize the impact of significant cyber incidents on its primary goals and objectives – can go beyond the digital sphere and not only affect service delivery but also stakeholder confidence and market position.

"The challenge is dynamic," states a new World Economic Forum report, Unpacking Cyber Resilience. "The evolution of the digital landscape and infrastructure, driven by the disruption of connectivity and emerging technologies, has vastly complexified the threat landscape and the cyber risks organizations face."

The report, which was produced in collaboration with the University of Oxford Global Cybersecurity Capacity Centre and industry experts, outlines the importance of cyber resilience and details how a cyber-resilient digital transformation of businesses and society has the potential to drive innovation, productivity and economic growth.

It also notes that while various frameworks and standards exist to help organizations improve their cyber resilience and cybersecurity, lessons learned from peers can greatly enhance the generic approach these models offer.

Here are five tips from the front line to help build cyber resilience.

1. Recognize that total cybersecurity is not achievable

There is no such thing as 100% cybersecurity. Organizations need take a broad view of cyber risk and the many different ways in which malign actors could exploit cyberspace to cause harm to their operations, profitability or reputation.

Investing in cyber resilience can reduce the economic costs of cyber events (data breaches and intellectual property loss, for example), while contributing to improvement in an organization’s reputation. Studies highlight that more resilient companies generate shareholder returns that are around 50% higher than those of their less resilient peers.

2. Anticipate and plan for disruptions

Plans must be made for when incidents occur – and they need to reflect and protect the organization’s core strategic, operational, financial and legal priorities.

Cyber resilience plans, the Forum's report notes, should be "based on an understanding of the threats they are exposed to and the potential harms that could arise."

3. Embed cyber resilience within business processes

Design business processes in ways that will place the organization in a good position to absorb and recover from events, establishing robust contingency measures for when systems fail. Business processes need to be adapted to ensure service standards can be maintained and stakeholder interests protected in the case of a cyber disruption.

To achieve true cyber resilience, organizations must actively collaborate with external parties, who have a shared interest in strengthening the resilience of the entire business environment.

4. Safeguard confidential information

Adopt information governance practices that can limit the impact of confidentiality breaches and data integrity compromises.

The report stresses that organizations establish "information governance practices that can limit the impact arising from confidentiality breaches and data integrity compromises."

5. Learn from past incidents

Organizations need to learn from past incidents – and those that have affected their peers – and adapt processes accordingly.

"Paths to success that can be illuminated by the collective experiences and insights of peers – the sharing of good practice on what works and how to overcome barriers to success has motivated this project," the report states.

Improving the cyber-resilience ecosystem

The globalization of our supply chains, the complexity of technology stacks and the continued appetite to innovate with digital have led to continued aggregation of systemic cyber risk. While the tips above will help businesses improve their cyber resilience, wider changes are needed in the business ecosystem.

This includes collaborating with other organizations to help identify single points of failure and mitigate the associated risks. Businesses also need to work together, and with public authorities, to find ways to address threats and disrupt malicious activity. The Forum's Partnership against Cybercrime is a platform for insight sharing and aims to promote public-private cooperation to combat cybercrime.

Moreover, organizations must also collaborate on utilizing and expanding the limited talent pool with relevant cyber expertise. The Forum’s Bridging the Cyber Skills Gap initiative, for example, has developed a Strategic Cybersecurity Talent Framework that outlines ways organizations can build sustainable talent pipelines.

Have you read?
Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Related topics:
CybersecurityEmerging Technologies
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum