Cyber Resilience

What is cyber resilience?

Cyber resilience is an individual's or organisation’s ability to withstand, respond to and recover from a cyber attack or data breach. The goal of cyber resilience is to maintain the confidentiality, integrity, and availability of data and business operations.

When you catch a cold, you're suffering from a virus your body has never encountered before, yet you're able to fight and recover from it, better still you come back stronger. Our body is an example of a resilient system.

Cyber resilience is no different. It is our ability to prevent, defend against, operate during, adapt to and limit the severity of a cyber attack ensuring full recovery of our devices and systems.

Why cyber resilience matters

Cyber incidents can have a huge impact in terms of cost, productivity and reputation. Being prepared to detect and quickly respond to incidents will help to prevent the attacker from inflicting further damage, so reducing the financial and operational impact.

How to build cyber resilience in your business

  1. Get management on board
  2. Involve your entire organisation
  3. Back up your data regularly
  4. Implement backup solutions
  5. Simulate security incidents

Board toolkit

The Board toolkit developed by the National Cyber Security Centre is designed to encourage essential cybersecurity discussions between the Board of a business (that could be a Board of Directors, a Board of Governors or a Board of Trustees) and their technical experts. It is useful for anyone who is accountable for an organisation in any sector and wishes to improve their cyber resilience.

The toolkit addresses three questions:

  1. What should the Board do?
    This provides specific actions for the Board.
  2. What should your organisation do?
    This provides information on aspects that Boards should have oversight of, but are unlikely to be actively taking action on. This is dependent on your organisational structure.
  3. What does good cybersecurity look like?
    This provides questions (and potential answers) designed to generate discussions with your experts that can help the Board identify what constitutes good cybersecurity within your organisation

View the NCSC Board Toolkit and the full toolkit programme.