Security resilience is top of mind for the vast majority of executives; 96% say its highly important to their business, according to the Cisco Security Outcomes Report, Volume 3.
And with good reason: data breaches, ransomware, and other cyberattacks continue to plague organizations. In fact, the Cisco report found that 62% of organizations have experienced a security event that affected their resilience, including:
- 52% experienced a network or data breach
- 51% suffered a network or system outage
- 47% were affected by a ransomware event
- 46% reported a DDoS attack
All these incidents are a big deal, many with negative impact: interrupted IT/communications, disrupted supply chain, impaired internal operations, lasting brand damage, loss of competitive advantage, and much more.
Also concerning: 63% of organizations said they are less than confident that they could remain resilient during a worst-case cyber event if it occurred today.
What is security resilience?
Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, defines security resilience “as being able to protect the integrity of every aspect of your business so it can withstand, not just survive, unpredictable threats or changes and emerge stronger.”
In practice, resilience means having the capacity and functionalities to achieve critical security outcomes. According to the Cisco survey, respondents placed importance on the ability to:
- Prevent major security incidents and losses
- Mitigate financial losses from security incidents
- Adapt to unexpected external change events
- Continue to mature and improve security capabilities
- Contain the spread or scope of security incidents
A broad-stroke interpretation of these capabilities is that many organizations are trying to avoid or at least minimize the probability and impact of security risks.
So, what can you do about it?
Critical resilience factors
The report offers strategic guidance — including seven key factors — to improve security resilience. Organizations that have incorporated these components exhibited higher resilience scores than their counterparts. Download the report to view all seven factors, but meanwhile here are the top three:
- Establish executive support. The data suggests that security programs that closely align with business objectives have greater support from executives and higher levels of security resilience.
- Cultivate a culture of security. Treat employees as part of the solution and give them a role to play in keeping the organization secure.
- Hold resources in reserve. Although it’s challenging to hire and retain staff, organizations that have maintained excess internal security personnel achieved 15% higher security resilience scores.
The Security Outcomes report also delved into specific capabilities that are aligned with the NIST Cybersecurity Framework. For example, the ability to track key systems and data tightly correlates with resilience outcomes such as preventing major cybersecurity incidents and keeping up with business demands.
In addition to the strategic guidance and recommendations in the report, another piece of advice is to lean on experts at Cisco. They want your organization to not just survive a security incident but thrive no matter what comes next.
For more information, download the Cisco Security Outcomes Report, Volume 3