Collecting data and digital information on nearly everything, including customers, is the focus of business operations and management’s strategy in almost all industries.
Managing the digital risks related to this data can no longer be delegated to a small set of IT professionals. Instead, business managers, risk officers, and boards need to understand how cyber resilience supports the ability to mitigate and remediate digital risks while accepting that adverse cyber incidents are inevitable.
Cyber resilience is a new paradigm that requires a different way of thinking, and our research is designed to help those managers, executives, and board members understand the impact of cyber resilience and how to achieve it. Cyber resilience is not about installing a discrete set of technical systems; our report describes how to build and orchestrate mutually reinforcing processes and tools.
Organisations face major challenges in achieving cyber resilience, such as engaging and collaborating to prioritise business risks, accepting wisely chosen trade-offs, and implementing process changes that will help protect information assets. Getting IT teams to treat cyber resilience as a top priority while they juggle short-term budget objectives and roll-out timelines, and having both sides understand each other’s objectives and needs, are also challenges that our research addresses.