In part one of this cyber resilience blog series, we discussed what it means to be a resilient organization. For part two, let’s discuss why organizations need to consider these challenges and who’s responsible for addressing them. Whilst asking why an organization may need to be resilient sounds a bit silly, I can say from experience that just because something seems obvious doesn’t mean it’s not quite a bit of work. As a result, organizations need processes for prioritizing the actions to be taken, so that they can spend their budgets effectively.

Why Your Organization Needs to Consider Resilience

An organization needs to consider resilience because an improperly handled incident can go so far over budget that the organization is unable to return to business as usual (BAU), or simply because it has no response plan for the incident and so has no clear direction. As discussed previously, resilience is all about maintaining a minimum level of capabilities during an incident and then returning to BAU.

When I discussed this with Matt Torrens, the COO at Sprout IT, he created a brilliant bullet point list of why resilience is vital to his company:

  • Because it helps us respect our client data and legal obligations as well as enables us to produce evidence of how we do this.
  • Because it allows us to maintain and enhance the global reputation of the UK legal services sector.
  • Because only the most tech-savvy law firms will survive in a digitally hyper-connected world.
  • Because it is inconceivable that the delivery of legal services can remain exempt from IT and data security concerns.
  • Because the legal sector is one of the least defended paths to the most sensitive information.
  • Because the threats won’t stop coming.

All of the above are