Jun 11 2024

What Is Cyber Resilience and How Do Organizations Achieve It?

True toughness in an age of sophisticated cyberattacks requires a focus on how to recover when a breach occurs.

Even as businesses adopt zero-trust architectures and become more adept at detecting and preventing cybersecurity threats, attackers are still finding ways to get through defenses.

According to the 2024 IBM X-Force Threat Intelligence Index, the use of valid credentials is now the top initial access vector, accounting for 30 percent of the observed incidents that X-Force responded to in 2023.

It’s a question of when, not if, an organization will be breached, so experts say cyber resilience is as important as effective cybersecurity. Organizations must be able to not only weather an attack but also recover and adapt to threats following a breach.

“Every day is a learning day,” says Jon France, CISO of ISC2, a cybersecurity training and certification organization. “Resilience is a discipline, not a point-in-time action. And going through some tough times can inform future action and give you the chance to learn from it.”

Click the banner to discover the benefits of cyber resilience, and learn how to get there.

Why Is Cyber Resilience Important?

Cybersecurity resilience refers to an organization’s ability to “continuously deliver the intended outcomes despite adverse cyber events,” says Lisa Plaggemier, executive director of the National Cybersecurity Alliance.

“It encompasses the ability to prepare for, respond to, recover from and adapt to cyberthreats, ensuring the protection and recovery of information systems by planning for potential issues before they arise.”

Resilience involves not only dealing with cybersecurity incidents but recovering and getting back to a normal operating environment. That doesn’t necessarily mean returning to exactly as things were before a breach, however, since cyber resilience involves adaptation. IT and business leaders may decide to prioritize restoring some functions or processes early, and some not at all.

Source: Marsh, “The State of Cyber Resilience,” June 2022

Cyber resilience is important because it allows businesses to lessen the severity of inevitable attacks and minimize the cost of recovery. 

Cyber resilience helps “ensure continuous operation and reliability of services, even when faced with cyberthreats,” Plaggemier says. Such strategies can reduce downtime, protect sensitive data, maintain customer trust and help organizations comply with regulatory requirements, “thereby safeguarding the organization’s reputation and financial stability.”

How Is Cyber Resilience Different from Cybersecurity?

Cyber resilience is related to but distinct from cybersecurity. “A strong cyber resilience strategy will emphasize preparedness and the ability to bounce back swiftly,” writes Gary McIntyre, managing director of cyber defense at CDW, on the company’s website.

Cyber resilience covers business continuity, disaster recovery and incident response playbooks that include how business functions such as finance, IT and corporate communications will react and recover.

“Cybersecurity is about building strong defenses; resilience is about maintaining functionality and bouncing back quickly after a breach or attack,” Plaggemier says.

What Does Effective Cyber Resilience Look Like?

One key to effective cyber resilience is a continuous practice of risk management as organizations anticipate and weigh risks and plan for breaches.

Another involves business leaders deciding which assets and decisions are most important to the organization in recovering from an attack, then having that information inform technology, processes and procedures.

Click the banner to learn how to assess your zero-trust maturity level.

Ultimately, this manifests as minimal disruption to operations during cyber incidents, quick recovery times and the ability to adapt to new threats, Plaggemier says.

The development of an incident response playbook is a critical element of effective cyber resilience, McIntyre explains. That playbook should outline “the step-by-step actions that must be taken following a cyber incident, ensuring that every cog in the organizational machinery understands its role and responsibilities during a crisis,” he writes.

Can a Cyber Resilience Review Help?

These playbooks can “enable rapid response to cyber incidents by providing clear guidance on containing a detected threat, mitigating its impact and initiating cyber recovery processes,” McIntyre adds. “The swifter the response, the easier recovery will generally be.”

Key metrics of effective cyber resilience include mean time to detect and mean time to respond to incidents, Plaggemier notes, as well as recovery time objectives, the number of incidents over time, and the success rate of incident response and recovery efforts.

READ MORE: Dig into the latest cybersecurity research. 

France says that organizations also should conduct tabletop exercises to run through various cyberattack scenarios and determine how to respond.

Similarly, as the Cybersecurity and Infrastructure Security Agency notes, a thorough cyber resilience review can help an organization “develop an understanding of its ability to manage cyber risk during normal operations and times of operational stress and crisis.”

Such reviews can help “identify vulnerabilities, assess the effectiveness of current strategies and determine areas for improvement,” Plaggemier says. “This review process ensures that policies, procedures and technologies are aligned with the organization’s resilience objectives.”

What Solutions Help with Cyber Resilience?

There are many technology solutions and services that organizations can turn to for cyber resilience, experts say.

These include automated incident response systems, advanced threat detection tools, data backup and recovery solutions, and network segmentation technologies, Plaggemier says.

Additionally, she notes, cloud services and Disaster Recovery as a Service “can provide robust and flexible options for maintaining operational continuity during and after cyber incidents.”

Other cyber resilience capabilities that organizations can work with trusted third parties to deploy include infrastructure analysis, red and purple team exercises, incident response planning and testing, and cyber recovery plan automation and management.

“Cybersecurity resilience is a business concern,” France says, meaning that IT leaders must talk to business leaders and find out what is critical for the organization. “It’s never done in isolation. Cybersecurity is not a treatment to the business; it is an inherent part of the business.”

alvarez/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.