Definition

cyber resilience

By

Alexander S. Gillis, Technical Writer and Editor
Corinne Bernstein

What is cyber resilience?

Cyber resilience is the ability of a computing system to identify, respond and recover quickly should it experience a security incident.

The goal of cyber resilience is to enable an organization to continue operating, even directly after adverse cyber events such as a cyber attacks, natural disasters or security incidents caused by human error. A good cyber-resilience strategy enables an organization to maintain essential business functions, or restore them quickly, after a cyber incident. Cyber-resilience capabilities are essential in IT systems, critical infrastructure, business processes, organizations, societies and nation-states.

To do this, cyber resilience requires a continuous effort and touches on many aspects of information security, such as disaster recovery (DR), business continuity and computer forensics. Cyber resilience is built up over time and refers to the preparations an organization makes to deal with threats and vulnerabilities, the defenses that have been developed, and the resources available for mitigating a security failure after the fact.

Although they sound similar, cyber resilience and cybersecurity are two separate concepts. While cyber resilience refers to the ability of an organization to identify, respond and recover quickly from a cyberthreat or incident, cybersecurity is the active protection of internet-connected systems from cyberthreats. Cybersecurity standards and frameworks specify how an organization should prepare for and respond to attacks. The two concepts aren't mutually exclusive, however. Both cybersecurity and cyber-resilience plans should be implemented in an organization to create stronger protection against cyber attacks.

Chart showing how to align cybersecurity and cyber resilience. — Cybersecurity and cyber-resilience plans, although separate concepts, work together to create a stronger security posture for organizations.

Why is cyber resilience important?

Being able to respond to a cyberthreat or incident quickly is one of the main benefits of creating a cyber-resilience plan. The quicker the recovery, the less of an effect a security breach or incident will have on business processes. Ideally, an organization should be able to detect, respond to and recover from a cyber attack quickly enough that it can continue operating without affecting workflow or services -- and with minimal financial loss.

This article is part of

What is cyber hygiene and why is it important?

Download this entire guide for FREE now!

Cyber resilience also increases an organization's cybersecurity posture, which can lessen the number of security incidents. Likewise, the increased data protection can also help an organization comply with regulatory laws.

What are the components of cyber resilience?

The exact components of cyber resilience differ per company; however, some general components might include the following:

Cybersecurity. As a part of a cyber-resilience strategy, cybersecurity teams work with different tools and policies to help protect an organization's IT systems -- including hardware and software. Cybersecurity software can monitor, detect and respond to cyber attacks. Organizations can follow cybersecurity frameworks provided by groups such as the National Institute of Standards and Technology (NIST) to implement standardized cybersecurity practices.
Business continuity. Business continuity is an organization's ability to maintain critical business functions during and after a disaster. Business continuity planning creates a risk management process that helps define a plan to reestablish full function to the organization as quickly and smoothly as possible and helps to prevent interruptions to mission-critical services.
Risk management. Risk management is the process of identifying, assessing and controlling threats to an organization's capital and operations. These risks can stem from a variety of sources, including malicious actors, strategic management errors, accidents and natural disasters. A successful risk management program along with a cyber-resilience plan helps an organization consider the full range of risks it faces.
Disaster recovery. DR is the set of procedures, policies and tools an organization has in place to respond to and recover from cyberthreats that negatively affect business operations. The goal of having a DR process is to help an organization regain use of critical systems and IT infrastructure as soon as possible after a disaster.

How does cyber resilience work?

For strategic planning, a key element of cyber resilience is a deep understanding of risk -- which means going beyond IT planning to make limiting risk exposure an integral part of the strategy. To capitalize on the paradigm shift from cybersecurity to cyber resilience, businesses should focus their resources on the cyber-risks that are likely to have the biggest impact, and concentrate on the metrics that provide insight into and help predict them.

A cyber-resilience framework should be built on a strategy surrounding the following steps as defined by NIST:

Identify. Organizations should look for potential security exposure indications proactively. This includes monitoring for potential software vulnerabilities and misconfigured devices.
Protect. Organizations should build up their infrastructure to deal with the potential for cyberthreats and use cybersecurity tools to help prevent potential harm to critical infrastructure and data.
Detect. Security tools and processes should be fine-tuned for incident detection and to identify potential risks and irregularities. Tools and processes in use should be able to monitor critical systems for internal, external, malicious or natural threats.
Respond. Data from any security incident should be collected and analyzed to help organizations make better-informed decisions.
Recover. To avoid interruption to business, organizations should have systems in place to rapidly restore data and to recover mission-critical systems. For example, this could include keeping a backup of customer data in the cloud, hosted in a different geographic location from the organization.

The cyberthreat landscape is constantly changing, and organizations should be able to adapt to any given circumstance. For example, once an organization recovers from an incident, it should modify its security procedures and design a security strategy to defend against the same issue. Organizations should also be proactive and continually review their security posture.

Addressing resilience extends beyond IT or information security. To ensure greater efficiency and effectiveness, technology and strategic leaders should be involved in an overall cyber-resilience approach as a key part of their long-term strategy, including outlining which technologies a business will implement in the next five, 10 or more years.

Cyber resilience is an important aspect of keeping an organization safe from malicious or natural threats. Learn how to build a cyber-resilient culture.

This was last updated in December 2023

Continue Reading About cyber resilience

How to conduct a cyber-resilience assessment

Cybersecurity vs. cyber resilience: What's the difference?

Why transparency and accountability are important in cybersecurity

The plan for the inevitable cyber attack: Get the gist of NIST

Five Eyes issues 5 tips on thwarting nation-state threats

Search Networking

What is shielded twisted pair (STP) and how does it work?
Shielded twisted pair (STP) is a kind of cable made up of smaller wires where each small pair of wires is twisted together and ...
What is ping and how does it work?
Ping (Packet Internet Groper) is a basic internet program that enables a user to test and verify if a particular destination ...
What is 1000BASE-T (Gigabit Ethernet)?
1000BASE-T is a Gigabit Ethernet standard that operates at a speed of 1 gigabit per second (Gbps) over copper wiring.

Search Security

What is a firewall and why do I need one?
A firewall is a network security device that prevents unauthorized access to a network by inspecting incoming and outgoing ...
What is risk appetite?
Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value.
What is penetration testing?
A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify...

Search CIO

What is compliance risk?
Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...
What is quantum entanglement and how does it work?
Quantum entanglement is a foundational phenomenon in quantum mechanics where two or more particles become interconnected in such ...
What is systems thinking?
Systems thinking is a holistic approach to analysis that focuses on the way that a system's constituent parts interrelate and how...

Search HRSoftware

What is team collaboration?
Team collaboration is a communication and project management approach that emphasizes teamwork, innovative thinking and equal ...
What is talent management? Definition, basics and strategy
Talent management is a strategic approach organizations use to attract, develop, retain, and optimize employees.
What is employee experience?
Employee experience is a worker's perception of the organization they work for during their tenure.

Search Customer Experience

What are customer service and support?
Customer service is the support organizations offer to customers before, during and after purchasing a product or service.
What is quality of experience (QoE or QoX)?
Quality of experience (QoE or QoX) is a measure of the overall level of a customer's satisfaction and experience with a product ...
What is voice of the customer? A guide to VOC Strategy
Voice of the customer (VOC) is the component of customer experience (CX) that focuses on customer needs, wants, expectations and ...

Close