Resiliency is that new magic word that businesses today are told they need to emulate. We constantly hear that companies are under attack and that new evolving threats are out there waiting to strike. With that idea in mind, I began to wonder what resiliency looks like, how it would fit into my strategic security plan, and how it would change my budget. I also started to contemplate if there is a way to measure high levels of resiliency or if there is an acceptable baseline. Or what level of resiliency equates to a measurable business value that justifies my expenditure of security department resources?
It’s these questions that drove me to research the concept of cyber resiliency. I found that the basic definition of resilience is the capacity to recover quickly from difficulties. However, in cybersecurity the definition of resiliency is focused on how organizations recover from an incident which incorporates multiple domains such as cybersecurity, business continuity and organizational operations. The objective of cyber resiliency is for the company to be able to adapt and continue delivering services to its customers during an event, for example, a data breach….
