What is cyber resilience?

Cyber resilience is your, or your organisation’s, ability to withstand, respond to, and recover from a cyber-attack or data breach. The goal of cyber resilience is to maintain the confidentiality, integrity, and availability of data and business operations.

When you catch a cold, you're suffering from a virus your body has never encountered before, yet you're able to fight and recover from it. Better still, you come back stronger. Our body is an example of a resilient system.

Cyber resilience is no different: it is the ability of individuals or businesses to prevent, defend against, operate during, adapt to and limit the severity of a cyber-attack, ensuring full recovery of our devices and systems.

Why cyber resilience matters

Cyber incidents can have a huge impact in terms of cost, productivity and reputation. Being prepared to detect and quickly respond to incidents will help to prevent the attacker from inflicting further damage, so reducing the financial and operational impact.

How to build cyber resilience in your business

  1. Get management on board
  2. Involve your entire organisation
  3. Back up your data regularly
  4. Implement backup solutions
  5. Simulate security incidents

Boardroom toolkit

The Boardroom toolkit, developed by the National Cyber Security Centre, is designed to encourage essential cybersecurity discussions between the board of a business (that could be a Board of Directors, a Board of Governors or a Board of Trustees) and their technical experts. It is relevant for anyone who is accountable for an organisation in any sector and wishes to improve their cyber resilience.

The toolkit addresses three questions:

  1. What should the board do?
    This provides specific actions for the board.
     
  2. What should your organisation do?
    This provides information on aspects that Boards should have oversight of but are unlikely to be actively taking action on (though this is dependent on your organisational structure).
     
  3. What does good look like?
    This provides questions (and potential answers) designed to generate discussions with your experts that can help the Board identify what constitutes 'good' cybersecurity within your organisation.

NCSC Boardroom Toolkit and the full toolkit programme