Cyber resilience: everything you need to know

01 November, 2020

Let’s face it, we can all get a little lost when it comes to cyber security jargon. So much so, in fact, that we published our own cyber security jargon buster last year!

There was one topic that we left out of that blog though - cyber resilience.

For organisations of all sizes, it’s a growing concern and an area which is seeing an understandable rise in prominence. But what is it, why is it important and what can you do to become more cyber resilient?

Join us as we share everything you need to know 👇

What is Cyber Resilience?

Cyber resilience, at its heart, is the capability of both individuals and organisations to sense, resist and respond to cyber attacks. It encompasses both cyber security and organisational resilience to defend against potential cyber attacks and ensure survival following an attack.

Cyber security is how we keep the criminals out, and cyber resilience is about how we respond to a cyber attack when the criminals get in.

Why is Cyber Resilience important?

It only takes one employee clicking on a phishing email to jeopardise cyber resilience. Once cybercriminals gain access, they can lock up critical information and bring down your infrastructure.

A cyber attack only needs to be successful once, whereas an organisation’s cyber resilience needs to be effective every time. As such, cyber resilience is pivotal to staying operational within an increasingly digitised corporate world.

Whilst it’s exciting that organisations are rapidly developing and taking advantage of new, digitally-enabled opportunities, this also increases an organisation’s attack surface, making it more vulnerable to cyber threats.

In the digital age, companies are no longer defined by their physical assets alone. Some organisations, such as Uber and Airbnb, hold few physical assets at all. As assets become digitised, the cost of stolen data is rising and will only continue to grow in the future.

What can we do to become more Cyber Resilient?

Culture Change

We can never fully predict what attacks may be coming our way. However, we can ensure that staff are better equipped to tackle threats.

Traditionally, cyber security cultures in the workplace place a heavy emphasis on fear and blame to try and change behaviour. There instead needs to be a shift from a blame culture in organisations to a positive and educational culture.

People in organisations should aim to work together to deal with internal and external threats, rather than being blamed for being a victim of a cyber attack. Blame will only increase resistance from employees, rather than increase the adoption of positive cyber security behaviours. Working together to support each other helps eradicate stigma and creates a more secure culture.

A positive, healthy and effective cyber security culture begins by deploying the right education - education that is psychologically motivated to effectively change behaviour.

Cyber Education

Robust cyber security cultures begin with awareness training to introduce correct behaviours and expectations, before using consistent reminders and support to reinforce cultural change.

A robust cyber security culture means that staff begin to take on ‘extra-role behaviour’, carrying out positive behaviours that are not part of their regular duties.

Typically, those extra-role behaviours include helping others who struggle to understand policies, voicing concerns to management and referring others to relevant information when needed.

To be effective, cyber education has to be simple and relatable, whilst outlining the risks of not following procedures. All too often, people find information security challenging to relate to.

After all, it’s easier to comply with rules and procedures like health & safety, because we can all visualise risks like flooding or fires. It is much harder to envisage a ‘loss of information’, and harder still to visualise the consequences if people are not aware of the risks.

Good cyber education should explain not only the threats of a breach but also that it’s vital to invest time into following cyber security procedures.

A more secure culture, where people support each other and are proactive about risks, increases resilience. This, in turn, leads to a more secure organisation, which can lead to greater trust in your platform, services and brand.

What are cyber cultures?

To understand cyber cultures, we turn to the Cybersecurity Culture Maturity Model, developed by the Massachusetts Institute of Technology (MIT). The Cybersecurity Culture Maturity Model highlights how to increase organisational resilience to cyber attacks.

In short, the model recommends that employees are transitioned from a level 1 mindset to a level 4 mindset, where cyber security is seen as being a part of everyone’s role.

With the right education, staff can be made aware of risks, taught the right procedures and consistently reminded of cyber security, so that it becomes innate to everyone’s role.

MIT explains that organisations need to move from a culture where the IT specialists take responsibility for all cyber security-related issues, to one where every employee feels responsible for keeping the organisation secure.

When cyber security is viewed as everyone’s role, cyber resilience increases, as the culture is proactive towards threats and can anticipate them. Cyber security is then viewed as a tool for increasing productivity and engagement, rather than preventing them.

Ready to take your team from level 1 to level 4? Our cyber security awareness training is proven, effective and ready to deploy to your team within days. Get in touch with a member of our team today to learn more.
