{"id":24108,"date":"2025-05-21T21:52:33","date_gmt":"2025-05-21T17:52:33","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cyber-resilience-101\/24108\/"},"modified":"2025-05-21T21:52:33","modified_gmt":"2025-05-21T17:52:33","slug":"cyber-resilience-101","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cyber-resilience-101\/24108\/","title":{"rendered":"The ABCs of cyber-resilience"},"content":{"rendered":"<p>Attacks on corporate IT infrastructure\u00a0\u2014 especially using ransomware\u00a0\u2014 and other cyber incidents are <a href=\"https:\/\/www.cohesity.com\/resource-assets\/research-reports\/cyber-resilience-global-survey-report-en.pdf\" target=\"_blank\" rel=\"nofollow noopener\">increasingly topping the list<\/a>s of risks to business continuity. More importantly, they\u2019ve caught the attention of management, who now ask not \u201cMight we be attacked?\u201d but \u201cWhat will we do when we\u2019re attacked?\u201d As a result, many companies are striving to develop cyber-resilience.<\/p>\n<p>The World Economic Forum (WEF) <a href=\"https:\/\/reports.weforum.org\/docs\/WEF_The_Cyber_Resilience_Compass_2025.pdf\" target=\"_blank\" rel=\"nofollow noopener\">defines cyber-resilience<\/a> as an organization\u2019s ability to minimize the impact of significant cyber incidents on its primary business goals and objectives. The U.S. National Institute of Standards and Technology (NIST) <a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/160\/v2\/r1\/final\" target=\"_blank\" rel=\"nofollow noopener\">refines this<\/a>: cyber-resilience is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, attacks, or compromises of cyber systems.<\/p>\n<p>Everyone agrees today\u2019s companies need cyber-resilience\u00a0\u2014 but actually implementing a cyber-resilience strategy presents many challenges. 
According to a Cohesity <a href=\"https:\/\/www.cohesity.com\/resource-assets\/research-reports\/cyber-resilience-global-survey-report-en.pdf\" target=\"_blank\" rel=\"nofollow noopener\">survey<\/a> of 3100 IT and cybersecurity leaders, 98% of surveyed companies aim to be able to recover from a cyberattack within 24 hours, while only 2% can actually meet that goal. In reality, 80% of businesses need between four days and\u2026 three weeks to recover.<\/p>\n<h2>The seven pillars of cyber-resilience<\/h2>\n<p>In its <a href=\"https:\/\/reports.weforum.org\/docs\/WEF_The_Cyber_Resilience_Compass_2025.pdf\" target=\"_blank\" rel=\"nofollow noopener\">Cyber-Resilience Compass<\/a> whitepaper, the WEF identifies the following key components of a strategy:<\/p>\n<ol>\n<li><strong>Leadership<\/strong>: embedding cyber-resilience into the company\u2019s strategic goals; communicating clearly with teams about its importance; defining company-wide tolerance levels for major cyber-risks; empowering those responsible for designing and (if necessary) executing rapid response scenarios.<\/li>\n<li><strong>Governance, risk, and compliance<\/strong>: defining a risk profile; assigning clear responsibilities for specific risks; planning and implementing risk mitigation measures; ensuring regulatory compliance.<\/li>\n<li><strong>People and culture<\/strong>: developing cybersecurity skills; tailoring security awareness training to each employee\u2019s role; hiring staff with the right cybersecurity skills; creating a safe environment where employees can report incidents and mistakes without fear.<\/li>\n<li><strong>Business processes<\/strong>: prioritizing IT services based on their importance to business continuity; preparing for worst-case scenarios and fostering adaptability. 
This includes planning in detail how critical processes will function in the event of large-scale IT failures.<\/li>\n<li><strong>Technical systems<\/strong>: developing and regularly updating system-specific protection measures. For example, secure configurations (hardening), redundancy, network micro-segmentation, multi-factor authentication (MFA), tamper-proof backups, log management. The level of protection and allocated resources must be proportionate to the system\u2019s importance.<br>\nFor timely and effective threat response, it\u2019s essential to implement systems that combine detailed infrastructure monitoring with semi-automated response: <a href=\"https:\/\/me-en.kaspersky.com\/next?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_wpplaceholder_sm-team___knext____655fe72318f39647\" target=\"_blank\" rel=\"noopener\">XDR<\/a>, +SOAR, or similar tools.<\/li>\n<li><strong>Crisis management<\/strong>: building incident response teams; improving recovery plans; designating decision-makers in the event of a crisis; preparing backup communication channels (for example, if corporate email and instant messengers are unavailable); developing external communications strategies.<\/li>\n<li><strong>Ecosystem engagement<\/strong>: collaborating with supply-chain partners, regulators, and competitors to raise collective resilience.<\/li>\n<\/ol>\n<h2>Stages of cyber-resilience implementation<\/h2>\n<p>The same Cohesity survey reveals that most companies feel they are midway on the road to cyber-resilience, with many having implemented some of the necessary basic technical and organizational measures.<\/p>\n<p>Most commonly implemented:<\/p>\n<ul>\n<li>Backup tools<\/li>\n<li>Regular backup recovery drills<\/li>\n<li>MFA (though rarely company-wide and across all services)<\/li>\n<li>Role-based access control (RBAC, also usually only partially implemented)<\/li>\n<li>Other cybersecurity hygiene measures<\/li>\n<li>Formal response plans<\/li>\n<li>Annual or 
quarterly tabletop exercises testing crisis response procedures with staff from various departments<\/li>\n<\/ul>\n<p>Unfortunately, \u201ccommonly implemented\u201d doesn\u2019t mean widely adopted. Only 30\u201360% of the surveyed businesses have even partially implemented these. Moreover, in many organizations, IT and cybersecurity teams lack synergy, leading to poor collaboration in shared areas of responsibility.<\/p>\n<p>According to the survey respondents, the most challenging elements to implement are:<\/p>\n<ul>\n<li><strong>Metrics and analytics.<\/strong> Measuring progress in cyber-resilience or security innovation is difficult. Few organizations know how to calculate MTTD\/<a href=\"https:\/\/encyclopedia.kaspersky.ru\/glossary\/mean-time-to-respond-mttr\/\" target=\"_blank\" rel=\"noopener\">MTTR<\/a> or quantify risks in financial terms. Those that do are typically companies whose core activity involves measuring risks, such as banks.<\/li>\n<li><strong>Changing company culture.<\/strong> Engaging employees at all levels in cybersecurity processes is challenging. While basic awareness training is common (as a hygiene measure), few companies can adapt it to specific departments or maintain regular engagement and updates due to personnel shortages.<\/li>\n<li><strong>Embedding cyber-resilience into the supply chain.<\/strong> From avoiding dependence on a single supplier to actually controlling contractor security processes\u00a0\u2014 these tasks are extremely difficult and, even with the combined efforts of cybersecurity and procurement, often prohibitively expensive to address for all counterparties.<\/li>\n<\/ul>\n<p>Another key issue is rethinking the organization of cybersecurity itself and transitioning to zero trust systems. 
We\u2019ve <a href=\"https:\/\/www.kaspersky.com\/blog\/zero-trust-transition-practical-advice\/53404\/\" target=\"_blank\" rel=\"noopener nofollow\">previously written<\/a> about the challenges of this transition.<\/p>\n<p>Experts emphasize that cyber-resilience is not a project with a clear end point\u00a0\u2014 it\u2019s an iterative process with multiple phases, which eventually spans the entire organization.<\/p>\n<h2>Required resources<\/h2>\n<p>Implementing cyber-resilience begins with strong board-level support. Only then can collaboration between the CIO and CISO drive real changes and rapid progress in implementation.<\/p>\n<p>In most companies, up to 20% of the cybersecurity budget is allocated to technologies and projects tied to cyber-resilience \u2014 including incident response, identity management, and training programs.<\/p>\n<p>The core cyber-resilience team should be a small cross-functional group with the authority and support required to mobilize IT and cybersecurity resources for each implementation phase, and bring in external experts when needed\u00a0\u2014 for example, <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/security-awareness?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">for training<\/a>, tabletop exercises with management, and security assessments. 
Having the right skill set in this core group is critical.<\/p>\n<p>Implementing cyber-resilience is a largely organizational process, not just technical\u00a0\u2014 so, in addition to a detailed asset inventory and security measures, serious work is required to prioritize risks and processes, define roles and responsibilities in key departments, document, test, and improve incident playbooks, and conduct extensive staff training.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Businesses reaching the \u201cacceptance stage\u201d: given inevitable breaches \u2014 how to prepare for them?<\/p>\n","protected":false},"author":2722,"featured_media":24109,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[2088,1457,1948,2667,2646,1690,2494,2325],"class_list":{"0":"post-24108","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-tips","10":"tag-business","11":"tag-ciso","12":"tag-cyber-resilience","13":"tag-economy","14":"tag-identity","15":"tag-strategy","16":"tag-zero-trust"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cyber-resilience-101\/24108\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cyber-resilience-101\/28884\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cyber-resilience-101\/28986\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cyber-resilience-101\/39564\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cyber-resilience-101\/53464\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cyber-resilience-101\/29162\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky
.com.au\/blog\/cyber-resilience-101\/34925\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cyber-resilience-101\/34556\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/cyber-resilience\/","name":"Cyber-resilience"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=24108"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24108\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/24109"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=24108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=24108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=24108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}