A Comprehensive Approach to Cyber Resilience

Published in MIT Sloan Management Review, this article argues that the responsibility to keep data safe must expand beyond the IT team.

Findings from interviews with 57 technology leaders suggest that cyber resilience is no longer exclusively the responsibility of the IT function. Rather, organisations need a more comprehensive approach, because data becomes more pervasive across business functions. The organisation as a whole thus needs a plan for protecting data, which is becoming a key source for competitive advantage.

Summary:

Data is becoming one of companies’ most important assets as they digitalise strategies, structures, and processes. Therefore, companies must ensure that their data is accessible, understandable, linked, trusted, and secured
But data is no longer exclusively the responsibility of the IT department
To achieve cyber resilience, companies must employ a cross-functional approach to data management, which involves several key roles:
- Chief data officer: has overall responsibility for executive-level decisions about data management
- Data stewards: reside in departments across the organization, reporting to the chief data officer
- IT team: is the gatekeeper of data, defining data flows within the organisation and to external partners
- Human resources: has data about work schedules, policies and employee requirements
- Legal: coordinates with the CDO to ensure that vendors have agreements in place stipulating realistic response times in the event of a crisis.
- Other consultants: support companies to achieve cyber resilience in non-traditional ways. External cyber risk consultants simulate attackers and defenders to spot vulnerabilities.
- Machine Learning and AI: cyber resilience requires advanced algorithmic tools to analyse data, detect anomalies and make predictions

Why does this matter for businesses?

The article focuses on a specific and important but sometimes neglected element of cyber resilience: data. It’s the asset that needs to be protected from attacks.
But protecting that data and building cyber resilience can only be achieved through cross-functional collaboration, not in isolation by the IT team.
The insights of the article align well with ISTARI’s value proposition – which is, to build cyber resilience.

Read the full article

Dr. Manuel Hepfer

Manuel leads research at ISTARI and is a Research Affiliate at Oxford University’s Saïd Business School. Before joining ISTARI, he completed a PhD in cybersecurity and Strategic Management at the University of Oxford. His research won several awards and appeared in academic and practitioner journals such as MIT Sloan Management Review and was covered by the Financial Times.

A Comprehensive Approach to Cyber Resilience

Dr. Manuel Hepfer

What to read next

Analysis of Top 11 Cyber Attacks on Critical Infrastructure

The Global State of Industrial Cybersecurity 2023

2023 Threat Report – OT Cyberattacks With Physical Consequences