Today we can work from anywhere, on more devices and networks, and we face more risk than ever before. Widespread phishing, malware, ransomware attacks, and other frauds pose a risk not only to individuals or platforms but also to entire economies, governments, and our way of life.
Yet, business resources are often still allocated to defensive cyber security, which is focused on protecting the confidentiality and integrity of data. These defenses are proving insufficient in the face of attacks that grow more sophisticated by the day, as we saw with the recent cyber attack on the Newfoundland & Labrador healthcare system. We need cyber resilience in addition to cyber security.
Cyber Resilience Starts with the Cyber Security Basics
Cyber security basics include patching vulnerabilities, detecting and mitigating threats, and educating employees on defending company security continuously, not just annually.
Beyond that, organizations need to build resilience into every part of the business, from process mapping to engineering service availability to critical vendor dependency. They need to limit the impact of cybercrime on a company’s brand, finance, legal, and customer trust obligations. While these areas typically receive limited attention, resources, or executive focus, they are significant elements in the case of a real threat.
The aim of cyber resilience is clear enough: to ensure operational and business continuity with minimal impact. However, Yahoo! Finance reports that, according to a new IDG Research Services survey, nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges. That high level of concern over the ability to withstand cyber threats in today’s complex IT environment is causing 91% of organizations to increase their cybersecurity budgets in 2021.
A Multi-Dimensional Approach
Real resilience involves a multi-dimensional approach that dynamically responds to threats while keeping your business goals intact. According to Jim Alkove of the World Economic Forum, measuring cyber resilience might involve:
- identifying your crown jewels and critical capabilities;
- looking at the interconnectedness of your systems and how vulnerable you are to attack;
- adapting more quickly to the broader social and political climate;
- creating partnerships with peers, competitors, and public entities;
- looking at how your team hires and develops skills;
- changing your approach, so you are not only securing the business but enabling the business through security;
- measuring whether you are maintaining a culture of trust and agility; and
- measuring customer trust and transparency.
Every organization will have its unique risks, and no one model can serve as a one-size-fits-all approach to cyber resilience. But this approach can help guide investment decisions, unite stakeholders around a common goal, and usher in the practice of continuous improvement. Most of all, cyber resilience should provide leadership with the confidence that when the worst happens, an organization can still deliver on its commitments.
Expert Advice from The Magnes Group
At the Magnes Group, we do things differently. With effort and care, we deliver the very best personalized insurance coverage and risk management advice. We serve businesses and individuals who appreciate quality, precision, and value in a way that many other insurance brokerages can’t or won’t.
As an independent insurance broker, we pride ourselves on providing straightforward, uncomplicated, and honest advice. We treat others as we would like to be treated ourselves. Not to increase market share but because it’s the right thing to do. You can rely on the expert advice from the Magnes Group.