



Digital resilience – a step up from cybersecurity

Aug 01, 2018 | 4 mins
Business Continuity, Disaster Recovery, Risk Management

We are living in an increasingly digital world, but many organizations are still unaware of the extent to which they rely on digital technology and the risks that come with it. As we head towards a digitally dependent future, the need for digital resilience has never been greater.


For many years those of us working in cybersecurity fought hard to elevate the issue beyond the realms of the IT department and into the boardroom.

Recent evidence suggests that the message is finally starting to get through. According to a study by U.S. consultants McKinsey, 75 percent of executives said they considered cybersecurity to be a top priority.

Another survey by UK consultants KPMG revealed that cybersecurity was very much on the agenda in UK boardrooms, with 74 percent of UK business leaders agreeing that cybersecurity was an enabler of trust, and 45 percent believing cybersecurity specialists were an effective part of the business.

Now, however, we are gearing up for the next battle – to convince organizations of the importance of digital resilience.

Resilience is one of the most valuable long-term properties of an organization, defining its ability to grow and survive in a changing environment by successfully implementing evolving strategies.

As crises are often driven by events that are beyond their control, resilient organizations are those that are best prepared to face and adapt to the challenges ahead.

As the internet of things becomes a reality and the adoption of connected devices continues apace, it’s clear we are heading towards a future in which we will all be dependent on digital technology.

Despite many organizations adopting “digital first” or even “digital only” strategies, few have grasped how dependent their core business processes are on digital technology.

In the event of disruption or failure, switching to processes that are less dependent on technology is often no longer possible.

Digital resilience therefore represents a fundamental change in the way we understand digital technology, risk and opportunity.

As a concept it is much talked about but ill-defined, so the first step is to agree a simple and concise definition of what it actually means in a business context. I propose the following:

Digital Resilience – an organization’s ability to maintain, change or recover technology-dependent operational capability.

In a constantly evolving digital environment, organizations must be able to move quickly and seamlessly to adopt new digital technology solutions and then to recover, rebound and move forward if things go wrong.

Many commentators talk about digital resilience only in terms of cybersecurity, like this recent McKinsey blog, which says organizations are working towards a situation in which they design their business processes and IT systems to “facilitate the protection of critical information and to implement strong cyber defenses and effective plans for responding to cyberattacks.”

That is true, but digital resilience should be seen much more widely than just through a narrow cybersecurity focus.

The digital resilience banner encompasses several other important business concepts including change management, business resilience, operational risk and even competitiveness, as recently alluded to in this excellent white paper on Digital Resilience published by the Shearwater Group and the Institute for Strategy, Resilience & Security.

I strongly believe digital resilience is the very foundation of the modern business and should be recognized as the most valuable long-term property of an organization, something to be managed at senior level but understood by everyone at all levels.

If operational resilience and business competitiveness go hand-in-hand, then digital resilience is paramount to achieving both of those.

Being digitally resilient means an organization is well-placed to adopt new systems and processes, ensuring continued competitiveness and business survival.

It means assessing new technologies in terms of their impact on overall business resilience. More secure may not necessarily mean more resilient; if a solution introduces processes that are flawed or causes business inflexibility, then this may affect competitiveness.

Any new digital infrastructure must therefore be assessed in terms of its overall impact on business resilience, both in terms of opportunity and risk.

The more tightly coupled and efficient digital processes are during normal operation, the more disruption poses a threat to operational, digital and therefore business resilience. 

People, technologies and processes represent a complex operational environment where failure of any one component part can cause a cascading effect that has the potential to render core processes inoperable. 

Identifying each component part and its risk and evolutionary attributes will support competitiveness and both digital and business resilience.

Digital resilience also requires a fundamental shift in how organizations manage risk and opportunity – traditional models of risk mitigation and impact analysis are no longer sufficient.

It must be assessed in terms of combinations of long-tail effects and an organization’s ability to anticipate, respond, learn and evolve appropriately to shifts in a hyper-networked digital environment.

Digital resilience thinking ensures that the entire organization is considered and challenged in the light of enabling and balancing growth, evolutionary change and security needs appropriately.

Now that we have a definition, we should move towards digital resilience strategies. In my next blog I will explore digital resilience assessment and building organizational capability.


Debbie Garside is founder of GeoLang, a provider of sustainable cyber solutions, and a renowned cyber security and cloud computing expert.

Debbie has been an entrepreneur successfully running IT companies for the past 25 years. She is an expert in cyber security and natural language, was appointed the first Prince of Wales Innovation Scholar at the University of Wales and has just finalized her PhD thesis on Human Visual Perception in Cyber Security – her related patent to a new Pseudo-isochromatic second generation CAPTCHA system based on her PhD has been granted. As the Principal UK Expert for Language Encoding, Debbie was until recently editor of two international ISO standards, and a BSI and ISO Chair.

Also a member of the advisory board for HPC Wales, a €40 million high performance computing project, Debbie is a named contributor to a number of internet standards produced by the Internet Engineering Task Force, and has been an advisor to Wikimedia Foundation (overseeing Wikipedia activity) on natural language.

Debbie currently sits on the KTN Defence and Security Advisory Board and is a member of the Cloud Industry Forum. Debbie recently accompanied the UK Prime Minister on a bi-lateral trade mission to India as part of a “Best of British” showcase. Debbie is also the Product Owner for Ascema feeding insights from industry into product development.

The opinions expressed in this blog are those of Debbie Garside and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.