Business magazine Forbes puts it so well: the difference between cybersecurity and cyber resilience (and why you need both).
With cyber threats such as ransomware, phishing, hacking and DDoS attacks now a regular occurrence in the business world, cyber security has become a vital component of every business’s risk avoidance strategy, because it helps to avoid:
- Disruption of vital business services,
- Reputational damage,
- Stiff fines from regulators as a result of personal data loss and breach.
Think of British Airways, fined 1.5% of its global turnover (more than £183 million) after customer data was breached in a 2019 cyber attack. This was the first fine delivered by the UK’s Information Commissioner’s Office (ICO) under the EU’s General Data Protection Regulation (GDPR).
Since then cyber attacks have been hitting the news with increasing frequency and, while some multinational companies can absorb a massive fine, for most small to medium-sized companies a cyber attack can be devastating. Says Forbes: “This is why all companies need to invest in cybersecurity and cyber resilience.”
What’s the difference between the two?
Cyber security refers to a company’s ability to protect itself against, and avoid the increasing threat of, cyber crime. Cyber resilience refers to a company’s ability to alleviate damage to its systems, processes and reputation and, crucially, to be able to carry on past the disruption.
While cyber security focuses mainly on external threats, cyber resilience covers inside threats such as human error, and minimises the effects of a cyber attack.
Because cyber threats are advancing all the time, it is fair to say that no cyber security solution can protect against every form of cyber threat, but with cyber resilience in place, it is entirely possible to lessen the impact of an attack.
What steps can I take to cover both?
Cyber security involves taking practical steps such as:
- Installing malware protection that includes antivirus.
- Educating your team on cyber security threats and how their careful actions help to protect the company.
- Keeping software on all devices up to date with the latest patches.
- Turning firewalls on to secure your internet connection.
Cyber resilience involves compiling a “cyber incident response plan”, also known as a disaster recovery (DR) plan, to clarify:
- Who is responsible for executing the DR plan
- What needs to be done when there is a breach or disruption
- How to get operations back to normal as soon as possible
- How to recover lost data
- How to communicate the incident to stakeholders
- How to report the incident to regulators
Cyber resilience will vary from company to company but an effective way to start is to assess where a cyber attack would have the most damaging effect on your business. In which areas do you rely on technology, for example, and where do you keep your most valuable data?
Answering these questions will establish your vulnerable areas ahead of installing appropriate measures to minimise the damage of a cyber attack. A dedicated business continuity solution, for instance, enables you to maintain essential functions during and after a disruption has occurred. This is invaluable for maintaining a healthy customer service record.
As Forbes says, “Cyber security and resilience both require an investment in time, resources, and education, but that investment will be repaid many times over once you’ve withstood your first cyber attack.”
If you are unsure about your cyber resilience (or cyber security), feel free to chat with us. Every company is different and we can help you with yours.