What is cyber resilience?
Cyber resilience is an organization's ability to prevent, withstand and recover from cybersecurity incidents.
Businessperson works on a desktop computer at night
Cyber resilience defined

Cyber resilience is a concept that brings business continuity, information systems security and organizational resilience together. That is to say, the concept describes the ability to continue delivering intended outcomes despite experiencing challenging cyber events, such as cyberattacks, natural disasters or economic slumps. A measured level of information security proficiency and resilience affects how well an organization can continue business operations with little to no downtime, in other words.

Testing Link
Why cyber resilience is important

A cyber resilience strategy is vital for business continuity. It can provide benefits beyond increasing an enterprise's security posture and reducing the risk of exposure to its critical infrastructure. Cyber resilience also helps reduce financial loss and reputational damage. And if an organization receives cyber resilience certification, it can instill trust in its clients and customers. Further, a cyber-resilient company can optimize the value it creates for its customers, increasing its competitive advantage through effective and efficient operations.

Mitigating financial loss

Financial loss could lead to a loss of confidence from company stakeholders, such as shareholders, investors, employees and customers. According to the 2020 Cyber Resilient Organization Report by IBM Security™, more than 50% of organizations experienced a cybersecurity incident that significantly disrupted information technology (IT) and business processes. Moreover, the average cost of a data breach is USD 4.24 million, according to Ponemon's 2021 Cost of a Breach Study.

Gaining customer trust and business

To attract customers and gain their business, some organizations comply with international management standards, such as ISO/IEC 27001 provided by the International Organization for Standardization. ISO/IEC 27001 provides conditions for an information security management system (ISMS) to manage assets security such as employee details, financial information, intellectual property or third-party entrusted information. In the US, companies might seek certification with the Payment Card Industry Data Security Standard (PCI-DSS), a prerequisite for processing payments such as with credit cards.

Increasing competitive advantage

Cyber resilience provides organizations a competitive advantage over companies without it. Enterprises that develop management systems based on best practices, such as Information Technology Infrastructure Library (ITIL), create an effective operation. So, too, do they when developing a management system for cyber resilience. And as a result, these systems create value for their customers.

What is effective cyber resilience?

Effective cyber resilience must be an enterprise-wide risk-based strategy, a collaborative approach driven from executives to everyone in the organization, partners, supply chain participants and customers. It must proactively manage risks, threats, vulnerabilities and the effects on critical information and supporting assets.

Effective cyber resilience also involves governance, risk management, an understanding of data ownership and incident management. Assessing these characteristics also demands experience and judgment.

Further, an organization must also balance cyber risks against attainable opportunities and competitive advantages. It must consider whether cost-effective prevention is viable and whether, instead, it can achieve rapid detection and correction with a good short-term effect on cyber resilience. To do this, an enterprise must find the right balance between three types of controls: preventative, detective and corrective. These controls prevent, detect and correct incidents that threaten an organization's cyber resilience.

How does cyber resilience work?

Cyber resilience can be understood through a lifecycle based on the stages of the Information Technology Infrastructure Library (ITIL) service lifecycle: strategy, design, transition, operation and improvement.

Cyber resilience strategy

Based on the organization's objectives, strategy work identifies critical assets, such as information, systems and services that matter most to it and its stakeholders. This work also includes identifying vulnerabilities and the risks they face.

Cyber resilience design

Design work selects the management system's appropriate and proportionate controls, procedures and training to prevent harm to critical assets, where practical to do so. The work also identifies who has what authority to decide and act.

Cyber resilience transition

Transition work from design to operational use tests controls and refines incident detection to identify when critical assets are under stress from internal, external, intentional or accidental action.

Cyber resilience operation

Operational work controls and detects and manages cyber events and incidents, including continual control testing to ensure effectiveness, efficiency and consistency.

Cyber resilience evolution

Evolution work continually protects an ever-changing environment. As organizations recover from incidents, they must learn from the experiences, modifying their procedures, training, design and even strategy.

Related solutions
Cyber resilience services

IBM cyber resilience services help protect against risks, vulnerabilities, attacks and failures created from digitally transforming your business.

Become more cyber resilient
Data security solutions

Gain visibility and insights to investigate and remediate threats. And enforce real-time controls and compliance with IBM data security solutions.

Secure your data
Incident response solutions

Unify your organization's incident response with orchestrated IBM incident response solutions.

Orchestrate your incident response
Storage data backup and recovery solutions

Ensure continuity of operations, better performance and lower infrastructure costs with IBM storage data backup and disaster recovery solutions.

Establish data backup and recovery
Security Information and event management (SIEM)

Accelerate detection and integrate seamlessly with security orchestration, automation and response (SOAR) platforms with IBM SIEM solutions.

Enhance your security intelligence program
Risk management services

Make better decisions and connect security risk management to business strategy with IBM risk management consulting services.

Establish security governance risk and compliance
Infrastructure security solutions

Unlock your hybrid cloud strategy while you protect your data with IBM IT security solutions, secure servers and storage.

Explore infrastructure security solutions
Network security solutions

Intelligently recognize even unknown threats and adapt to prevent them in real-time with next-generation IBM network security solutions.

Safeguard your networks
Mainframe security and resiliency

Because a mainframe environment has thousands of users simultaneously executing a wide range of applications, it requires a multi-layered approach to security.

Explore mainframe security
Cybersecurity resources IBM Security Framing and Discovery Workshop

Understand your cybersecurity landscape and prioritize initiatives together with senior IBM security architects and consultants in a no-cost, virtual or in-person, 3-hour design thinking session.

What is data security?

Learn what data security is, why it's important and what strategies to implement.

What is SIEM?

Learn what security information and event management (SIEM) is, what it does and why it's important. Also, learn what tools and features are involved and best practices when implementing a SIEM.

What is a cyberattack?

Learn what a cyberattack is, why they happen and who is behind them. Also, learn what cyber attackers target, their common attack types, and how to reduce cyberattacks.