Prioritizing Resilience: The Key Focus of Cybersecurity Strategies

Cybersecurity threats remain prevalent, with data breaches increasing by 20% from 2022 to 2023, and a cyberattack in March 2024 on a major U.S. health care billing company causing widespread repercussions. Moreover, artificial intelligence has introduced new potential threats, many of which are still unforeseen. Despite the magnitude of these threats, many companies have grown accustomed to the dangers, while others struggle to determine where to focus their cybersecurity efforts.

No company can expect absolute protection against cyberattacks, regardless of the time, technology, and resources invested, as emphasized by Keri Pearlson, executive director of Cybersecurity at MIT Sloan.

The more achievable goal is cyber resilience, ensuring that a business can swiftly recover from inevitable attacks and resume operations with minimal disruption. A resilient organization emerges from an attack relatively unharmed, experiencing minimal data loss, financial impact, or damage to its brand reputation.

Organizations must establish cybersecurity as a collective responsibility while implementing strategies and mechanisms to foster cyber resilience. As Pearlson said during a recent webinar hosted by MIT Sloan Executive Education, “It’s everyone’s job to be a bit more vigilant today. There are appropriate actions that every individual in the organization can take.”

A strategic plan for resilience

To achieve resilience goals, Pearlson recommends the following:

Focus on planning and testing. Resilience hinges on preparation. Dedicate time to anticipate cyber threats, identify potential impact areas, and test business recovery plans through exercises and processes to ensure rapid recovery.

“The more you practice and prepare organizational processes and technologies, the better equipped you are to absorb shocks and swiftly resume operations,” said Pearlson, who offers executive education courses on cybersecurity leadership for non-technical executives and cybersecurity governance for boards of directors.

Shift attitudes and beliefs. Employees must recognize cybersecurity as integral to organizational health. Rather than mandating actions, cultivate a security-focused culture through storytelling, training, and incentives to encourage desired behaviors.

Adopt a balanced scorecard/risk management approach. Pearlson suggests that companies assess resilience qualitatively by evaluating risks and responses in the context of compliance or supply chain risks. Organizations can utilize a cybersecurity framework from the National Institute of Standards and Technology to identify, respond to, and recover from threats while establishing governance and risk management practices.

Monitor advancements in AI. Artificial intelligence presents both opportunities and challenges in handling cybersecurity risks and resilience. New technologies such as generative AI and quantum computing will enhance threat identification and response capabilities. However, these technologies may also be utilized for malicious purposes, necessitating innovative cybersecurity measures.

Prioritize security. As businesses progress, elevating organizational awareness regarding cybersecurity threats is imperative for all individuals, especially those in executive positions. “By shedding light on our protective measures and thoughts, we can augment our organization’s resilience,” remarked Pearlson. “Understanding the origins of risk is essential for effective risk management.”

Watch the webinar: cybersecurity resiliency is about more than protection

Read more: how to foster a culture of cybersecurity
