
How organisations can use vulnerability to create cyber resilience

Too often, there is an inappropriate level of trust between organizations in the digital ecosystems we depend on. The dynamic is born from institutional aversion to loss, fear of condemnation, fragile confidence, and lack of cyber resilience.

By: EBR - Posted: Thursday, July 7, 2022

Organizations that will emerge as market leaders in the digital economy will have leaders that prioritize and cultivate a culture of cyber resilience.

by Michael Rohrs and Andreas Wolf*

Too often, there is an inappropriate level of trust between organizations in the digital ecosystems we depend on. The dynamic is born from institutional aversion to loss, fear of condemnation, fragile confidence, and lack of cyber resilience.

The World Economic Forum’s Global Cybersecurity Outlook 2022 report, developed in collaboration with Accenture, found that:

- Only 19% of cyber leaders feel confident that their organization is cyber resilient
- 58% of respondents feel their partners and suppliers are less resilient than their own organization
- 88% of respondents are concerned about the cyber resilience of Small and Medium-Sized Enterprises (SMEs) in their ecosystem

It doesn’t have to be this way. If organizations can overcome such self-limiting stigma, each will gain from the collective wisdom and combined capability of its partners. Doing so is a necessary foil for the cascading consequences that occur when fragile, interconnected ecosystems break down, as so many recent events have demonstrated.

Cyber collaboration and shared wisdom

For organizations to move past this protracted mistrust, they must exploit a different kind of critical vulnerability from what cyber professionals are used to—the vulnerability of an organization to be truly seen. They must embrace the willingness to be transparent within their organization and ecosystem about shortcomings in cyber resilience posture. They should set realistic expectations about exposure and provide clear information about the systemic consequences of disruptions. They should be forthcoming about experiences with disruptive events and share lessons learned as a result.

Cyber resilience is what takes over when security prevention measures falter. In the digital economy, the ability to transcend cyber disruption distinguishes market champions. Organizations that turn vulnerability into strength will have the confidence to take healthy risks.

Turning institutional vulnerability into organizational strength is not easy to do. Fortunately, the World Economic Forum’s newly released Cyber Resilience Index Framework, developed in collaboration with Accenture, presents the six principles to cultivate a culture of resilience:

- Regularly assess and prioritize cyber risk
- Establish and maintain core security fundamentals
- Incorporate cyber resilience governance into business strategy
- Encourage systemic resilience and ecosystem-wide collaboration
- Ensure design supports cyber resilience
- Cultivate a culture of resilience

Two principles in particular—cultivating a culture of cyber resilience and encouraging systemic resilience and collaboration—have long been under-valued. Both these principles provide organizations with a starting point to turn vulnerability into cyber resilience. The principles are put into practice as follows:

Cultivate a culture of resilience

Employees are empowered to understand and embody cyber resilient behaviours. This principle has the following practices:

- Earn trust through accountability and transparency: Management regularly, clearly, and openly communicates the cyber resilience strategy, practices, operations, successes, and failings. This builds and maintains knowledge, trust, openness, and ownership over organizational success.
- Cyber resilient aware leadership: Leadership has the expertise and power to manage the organization’s cyber resilience according to best practices and is incentivized to advance its expertise with changes in the landscape.
- Leadership drives culture: Leadership sets the tone and puts the organizational mechanisms in place to drive a culture of capability and accountability for cyber resilience at every level of the organization.
- Champion employee behaviour: Employees understand the defined cyber resilience objectives, feel responsible for the organization’s cyber resilience, and are empowered to exercise cyber resilient behaviour in their daily interactions without fear of punishment.
- Provide continuous training: Employees are taught cyber resilience concepts and best practices, the importance of cyber resilience and its role in daily responsibilities. They continuously exercise these lessons, which evolve with the cyber resilience landscape. Furthermore, they get prompt feedback on their actions.

Encourage systemic resilience and ecosystem-wide collaboration

The organization understands the interdependencies within its ecosystem, engages with other organizations, and fulfils its role in maintaining the resilience of the entire ecosystem. This principle has the following practices:

- Trust through knowledge, accountability, and transparency: The organization maintains transparency in its practices, operations, successes, and failings with its ecosystem partners and shares best practices to build a more resilient collective.
- Ecosystem-wide collaboration: Management creates a culture of collaboration and sets strategic objectives for knowledge and information sharing. So too, it identifies, understands, and mitigates cyber risks in the ecosystem. The organization also actively collaborates with industry peers and policymakers.
- Ecosystem-wide cyber resilience capabilities: The organization continuously improves collective cyber-resilience capabilities alongside other members of the ecosystem to share knowledge, raise awareness and boost the overall standards of practice. This increases the collective capabilities of all members of the ecosystem, appropriately balancing innovation, preparedness, protection, response, and recovery.

These principles and practices promote the kind of cyber vulnerability that organizations and ecosystems need. It’s not just about creating a more capable ecosystem, either. It’s about the opportunity to gain a sustainable competitive advantage. The organizations that quickly adopt resilience through confident vulnerability quickly emerge as leaders in their industry and set the standard for their ecosystem.

ISO 31000:2018 emphasises the fact that risk is the “effect of uncertainty on objectives” and that, despite conventional thinking, that effect can be positive as well as negative. Amid the Fourth Industrial Revolution, systemic interdependence both creates downside costs of cyber risk and holds a much greater upside value. On both sides, the effect of resilient organizational behaviour on the future is more than the sum of its parts. The organizations that will lead us into the digital future are those that are not only vulnerable enough to admit they can’t do it alone but are also confident and savvy enough to realize that it’s better for businesses to not even attempt it.

*Senior Manager, Security, Accenture and Chairman of ISO/IEC JTC 1/SC 27 Information security, cybersecurity & privacy, International Organization for Standardization (ISO)
**first published in: www.weforum.org

