Other parts of this series:
As noted in my first post, cyber resilience is a business’s ability to identify, prevent, detect and respond to process or technology failures—and recover from an attack, while reducing customer harm and minimizing reputational damage and financial loss.
Notably, a resilient business is not one that can avoid all threats. It isn’t one that can guarantee no incursions will take place. Today, no business can accurately make that sort of guarantee. A resilient business, though, can avert many threats, minimize breaches that do take place and bounce back more rapidly, maintaining normal operations as much as possible throughout.
Achieving resilience means focusing on some basic business principles around people, processes and good risk discipline. Financial firms should focus on these steps to help build resilience:
- Know what’s valuable, and what needs protecting. Take a thorough look at the structure and data supporting your business and know where the most valuable “jewels” are, and what you need to protect these. This step focuses and prioritizes efforts—you can’t protect everything in the same way.
- Get clarity around the business’s operational controls. How current, and how enforced, are the various controls? What should be upgraded? What gaps and vulnerabilities remain?
- Build a strong, organization-wide risk culture. Enlist your entire workforce in helping you close the gaps, by educating and training your professionals and getting them on your side.
- Eliminate the silos. Cyber risk isn’t just a technology problem that falls into the CIOs lap. But it’s not purely an operations concern. Marketing, HR and internal communications own a piece of the puzzle too. An integrated approach is an effective approach.
We also suggest that the role of Chief Risk Officer is the right one to lead the charge against the broader cyber risk agenda, not alone, but as the leader among equals, partnering with the CIO, CTO, CMO, CHRO and others to keep the business safe.
The path to resilience takes discipline, focus and a sustained, holistic approach. Our paper, Making your business cyber resilient, offers more suggestions and insights from our cyber risk professionals at Accenture.