7. Failing to create a strong operational resiliency plan
An operational resiliency plan looks at the big picture, encompassing an enterprise’s entire ecosystem and showing how to maintain business operations during disruptive events, says Jim Doggett, CISO at security technology provider Semperis. “By prioritizing operational resilience, CISOs can balance the need to protect against critical security risks with business continuity management.”
With careful planning, organizations can limit disruptions, recover faster, and reduce the impact on their bottom line if breached, Doggett says. “Without an operational resiliency plan in place, your entire ecosystem, including suppliers, partners, and vendors, is at risk.”
On the downside, operational resilience efforts tend to fail when an enterprise is internally disconnected. “As leaders of their organization, CISOs are responsible for driving security initiatives, but operational resilience requires organization-wide participation,” Doggett says. “You can’t simply leave it to a single department or team — everyone needs to be involved.”