In my\u00a0previous blog\u00a0I set out the case for digital resilience being a step up from cybersecurity and described the need to convince organizations of its importance in a business context.At its core, digital resilience represents a fundamental change in the way we understand digital technology, risk and opportunity.In my blog\u00a0I\u00a0proposed the following definition:Digital resilience \u2013 an organization\u2019s ability to maintain, change or recover technology-dependent operational capability.Assuming organizations heed the warnings and take on board the need for digital resilience, how do they go about building organizational capacity?I would suggest the starting point is to hold an internal audit to identify and address digital resilience issues within the organization. As with any cybersecurity-related matter, this should be led from the top-down, with all departments involved. This is a crucial issue and one that needs to be discussed by the leadership team and not just seen as something for the IT department to deal with.In a recent\u00a0blog post, U.S. consultancy firm McKinsey says achieving digital resilience requires the involvement of multiple stakeholder groups. \u201cOversight from the board and senior management is essential to ensure that cybersecurity programs are rigorous and effective,\u201d it adds. This is further supported by the Digital Resilience\u00a0white paper\u00a0published by the Shearwater Group, in which the extent of the risk is exemplified in the very public demise of Kodak, once a giant in its day, and a relatively recent example of a failure to embed and foster digital resilience: \u201cWithin a decade [Kodak] had gone from a technology leader to bankrupt.\u201d\u00a0After all, the roots of the failure to build digital resilience capabilities lie not in technology but in organizational culture.The first question an organisation should ask itself should be \u2018do we understand digital resilience?\u2019 It is important to know not only what it means but also how it is different from cybersecurity. Organizations must also understand how dependent they are on digital technology, and be sufficiently aware of the opportunities and risks that carries.The next question should be \u2018how digitally resilient are we?\u2019 Organizations must assess if their level of resilience is appropriate, decide what level of digital weakness they consider acceptable, and assess their capacity to innovate.Next, \u201chave we assessed our digital resilience exposure?\u201d Organizations must look at how a lack of\u00a0resilience\u00a0will harm their business, processes and people, and work through potential consequences and build scenarios for how these may evolve.The final question should be \u201cdo we have an active program to build and embed digital resilience thinking and practice throughout our organization?\u201dIf the answer to the final question is \u201cno,\u201d then remedial work must be carried out immediately.It is important that any strategies or solutions implemented to build digital resilience within an organization must be done so in the knowledge that the challenges and opportunities arising will change constantly. They must also be done in the knowledge that there is no going back \u2013 pre-digital strategies simply will not work in a digital environment.So, what does a digitally resistant organization look like? In a\u00a0recent column, Ray Rothrock, a CEO who has written a book on Digital Resilience, says: \u201cInstead of cowering behind a wall and hoping for the best, those who lead digitally resilient businesses ensure that they know the strengths, weaknesses, gaps and vulnerabilities of their networks.\u201dRothrock equates the traditional practices of cybersecurity with the way \u201cmisers protect their money\u201d \u2013 by putting it in a safe and keeping it out of the reach of thieves. However, he makes the point that this approach also puts an organization\u2019s most vital assets beyond any possibility of growth through exchange or investment.\u201cThe resilient approach to cyber security is to defend data dynamically and actively while also making it work for you,\u201d he adds. But I believe digital resilience encompasses a whole lot more.In the previously-mentioned blog, McKinsey makes the point that organizations face the tough task of protecting their most important information without making it so difficult to access that it slows down their operations.I firmly believe CEOs and their boards need to build resilience-by-design capabilities, both for themselves and their organization at the appropriate level.\u00a0This includes:Ensuring the entire organization incorporates resilience thinking\u00a0with regard to boththreats and opportunities.Understanding that the effects of risk can be both negative and positive, and that taking or ignoring opportunities presents different types and levels of risk.Understanding that discovering, creating and understanding new opportunities and threats requires cross-functional working and a multidisciplinary approach.Ensuring the organizational culture and capabilities to enable decisions to be made and implemented within relevant timeframes and then adapted as required in response to resilience threatsand opportunities.Encouraging and empowering senior individuals to critically discuss existential threats, with appropriate management mechanisms to collect and analyze these in combination.A culture where the potential impacts of digital weakness are communicated early to boards so that mitigation can be incorporated into strategy where they may actually end up creating opportunity \u2013 and with opportunity, don\u2019t forget, comes competitiveness.Assessment exercises that test the ability of the organisation and its management to respond, and highlight where decision-taking and capability gaps exist.I am in no doubt that digital resilience will eventually come to be seen\u00a0as\u00a0one of the most important long-term assets of an organization, perhaps even\u00a0the\u00a0most important. For that to happen CEOs need to start having serious conversations about digital\u00a0resilience\u00a0now to ensure their organizations are fully prepared to face the digital future. It is easy for me to say what needs to be done, words oft come cheap, but implementing a digital resilience strategy is a different matter.So in a future digital resilience blog, part 3, I will look at mapping out a generic framework that can be used as a starting point for your very own digital resilience audit.