Resilience to cyberattacks requires much more than protective, defensive security tools and training. Resilience is also about the ability to recover quickly. Therefore, it must always include business continuity management activities. It’s time to redefine the role of chief information security officers (CISOs) and budget accordingly.
Although prevention is key to limiting cyberattacks, the question is whether it alone is enough. Cyberattacks are constantly increasing in number and severity. A chief information security officer is responsible for prevention, but we believe a CISO should also feel responsible for business continuity and crisis communication: The ability to respond so the business can return to business as usual as quickly as possible is a much more realistic goal than preventing attacks entirely.

The goal: Detect, respond, recover and improve. But how can an organization respond to an attack while still planning for its future? By not separating preventive measures and business continuity management. A fusion of creative expertise will mitigate an attack and speed recovery. At the same time, the entire organization becomes more resilient. It’s about more than traditional cybersecurity. Business continuity is part of the whole. All the more reason business continuity management is key to cybersecurity.

An article written by Robert Osten, published on 27 September 2019
Translated by Charlotte Ley