Cyber Resilience

Cyber resilience is the ability of an organization to enable business acceleration (enterprise resiliency) by preparing for, responding to, and recovering from cyber threats. A cyber-resilient organization can adapt to known and unknown crises, threats, adversities, and challenges.

Cyber resilience is an evolving perspective that is rapidly gaining recognition. The concept essentially brings the areas of information security, business continuity, and organizational resilience together.

Entities with the potential need of cyber resilience abilities include, but are not limited to, IT systems, critical infrastructure, business processes, organizations, societies, and nation-states. Adverse cyber events are those that negatively impact the availability, integrity, or confidentiality of networked IT systems and associated information and services[citation needed]. These events may be intentional (e.g. cyber attack) or unintentional (e.g. failed software update) and caused by humans, nature, or a combination thereof.

The objective of cyber resilience is to maintain the entity's ability to deliver the intended outcome continuously at all times.[2] This means doing so even when regular delivery mechanisms have failed, such as during a crisis or after a security breach. The concept also includes the ability to restore or recover regular delivery mechanisms after such events, as well as the ability to continuously change or modify these delivery mechanisms, if needed in the face of new risks. Backups and disaster recovery operations are part of the process of restoring delivery mechanisms