To achieve true resilience, that is, to respond to and recover from threats quickly, organizations must plan for the unknown and operate under the assumption that they will experience a breach at any moment. Prevention alone is no longer enough; in addition to detection, a response plan must be in place.
Leaders must create a culture of security throughout their organizations, one that involves and includes all stakeholders. Educating employees and third-party suppliers, many of whom have little or no security training, can help build trust and organizational resilience.
Sharing information about breaches — with partners, customers, other industries, and government agencies — is the best way to know the enemy and counter their attacks intelligently.
The good news is that organizations realize they must do more than merely what the law requires. More companies in 2013 prioritized having a strategy and roadmap for information security, raising awareness, and addressing mobile security. In 2012, organizations were more concerned with mere regulatory compliance.
There is also a growing chorus of leaders who advocate stronger collaboration and information sharing between the private and public sectors. Last year, the World Economic Forum launched a public-private initiative called Partnering for Cyber Resilience (PCR). Deloitte and other private organizations are working alongside the public sector to address global cyber risks. This marks the beginning of a long journey towards cyber resiliency.
About the Authors: