Browse Definitions :
Tech Accelerator What is cyber hygiene and why is it important?
Top 7 cloud misconfigurations and best practices to avoid them Build a strong cyber-resilience strategy with existing tools
Download this guide1
Definition

cyber resilience

By

What is cyber resilience?

Cyber resilience is the ability of a computing system to identify, respond and recover quickly should it experience a security incident.

The goal of cyber resilience is to enable an organization to continue operating, even directly after adverse cyber events such as a cyber attacks, natural disasters or security incidents caused by human error. A good cyber-resilience strategy enables an organization to maintain essential business functions, or restore them quickly, after a cyber incident. Cyber-resilience capabilities are essential in IT systems, critical infrastructure, business processes, organizations, societies and nation-states.

To do this, cyber resilience requires a continuous effort and touches on many aspects of information security, such as disaster recovery (DR), business continuity and computer forensics. Cyber resilience is built up over time and refers to the preparations an organization makes to deal with threats and vulnerabilities, the defenses that have been developed, and the resources available for mitigating a security failure after the fact.

Although they sound similar, cyber resilience and cybersecurity are two separate concepts. While cyber resilience refers to the ability of an organization to identify, respond and recover quickly from a cyberthreat or incident, cybersecurity is the active protection of internet-connected systems from cyberthreats. Cybersecurity standards and frameworks specify how an organization should prepare for and respond to attacks. The two concepts aren't mutually exclusive, however. Both cybersecurity and cyber-resilience plans should be implemented in an organization to create stronger protection against cyber attacks.

Chart showing how to align cybersecurity and cyber resilience.
Cybersecurity and cyber-resilience plans, although separate concepts, work together to create a stronger security posture for organizations.

Why is cyber resilience important?

Being able to respond to a cyberthreat or incident quickly is one of the main benefits of creating a cyber-resilience plan. The quicker the recovery, the less of an effect a security breach or incident will have on business processes. Ideally, an organization should be able to detect, respond to and recover from a cyber attack quickly enough that it can continue operating without affecting workflow or services -- and with minimal financial loss.

This article is part of

What is cyber hygiene and why is it important?

Download1

Download this entire guide for FREE now!

Cyber resilience also increases an organization's cybersecurity posture, which can lessen the number of security incidents. Likewise, the increased data protection can also help an organization comply with regulatory laws.

What are the components of cyber resilience?

The exact components of cyber resilience differ per company; however, some general components might include the following:

  • Cybersecurity. As a part of a cyber-resilience strategy, cybersecurity teams work with different tools and policies to help protect an organization's IT systems -- including hardware and software. Cybersecurity software can monitor, detect and respond to cyber attacks. Organizations can follow cybersecurity frameworks provided by groups such as the National Institute of Standards and Technology (NIST) to implement standardized cybersecurity practices.
  • Business continuity. Business continuity is an organization's ability to maintain critical business functions during and after a disaster. Business continuity planning creates a risk management process that helps define a plan to reestablish full function to the organization as quickly and smoothly as possible and helps to prevent interruptions to mission-critical services.
  • Risk management. Risk management is the process of identifying, assessing and controlling threats to an organization's capital and operations. These risks can stem from a variety of sources, including malicious actors, strategic management errors, accidents and natural disasters. A successful risk management program along with a cyber-resilience plan helps an organization consider the full range of risks it faces.
  • Disaster recovery. DR is the set of procedures, policies and tools an organization has in place to respond to and recover from cyberthreats that negatively affect business operations. The goal of having a DR process is to help an organization regain use of critical systems and IT infrastructure as soon as possible after a disaster.

How does cyber resilience work?

For strategic planning, a key element of cyber resilience is a deep understanding of risk -- which means going beyond IT planning to make limiting risk exposure an integral part of the strategy. To capitalize on the paradigm shift from cybersecurity to cyber resilience, businesses should focus their resources on the cyber-risks that are likely to have the biggest impact, and concentrate on the metrics that provide insight into and help predict them.

A cyber-resilience framework should be built on a strategy surrounding the following steps as defined by NIST:

  1. Identify. Organizations should look for potential security exposure indications proactively. This includes monitoring for potential software vulnerabilities and misconfigured devices.
  2. Protect. Organizations should build up their infrastructure to deal with the potential for cyberthreats and use cybersecurity tools to help prevent potential harm to critical infrastructure and data.
  3. Detect. Security tools and processes should be fine-tuned for incident detection and to identify potential risks and irregularities. Tools and processes in use should be able to monitor critical systems for internal, external, malicious or natural threats.
  4. Respond. Data from any security incident should be collected and analyzed to help organizations make better-informed decisions.
  5. Recover. To avoid interruption to business, organizations should have systems in place to rapidly restore data and to recover mission-critical systems. For example, this could include keeping a backup of customer data in the cloud, hosted in a different geographic location from the organization.

The cyberthreat landscape is constantly changing, and organizations should be able to adapt to any given circumstance. For example, once an organization recovers from an incident, it should modify its security procedures and design a security strategy to defend against the same issue. Organizations should also be proactive and continually review their security posture.

Addressing resilience extends beyond IT or information security. To ensure greater efficiency and effectiveness, technology and strategic leaders should be involved in an overall cyber-resilience approach as a key part of their long-term strategy, including outlining which technologies a business will implement in the next five, 10 or more years.

Cyber resilience is an important aspect of keeping an organization safe from malicious or natural threats. Learn how to build a cyber-resilient culture.

This was last updated in December 2023

Continue Reading About cyber resilience

Networking
  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

Security
  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

  • What is security information and event management (SIEM)?

    Security information and event management (SIEM) is an approach to security management that combines security information ...

CIO
  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

  • technology addiction

    Technology addiction is an impulse control disorder that involves the obsessive use of mobile devices, the internet or video ...

HRSoftware
  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • contact center agent (call center agent)

    A contact center agent is a person who handles incoming or outgoing customer communications for an organization.

  • contact center management

    Contact center management is the process of overseeing contact center operations with the goal of providing an outstanding ...

  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

Close