Incident Response for ‘Cyber Resiliency’


“Cyber resiliency” is the ultimate goal in building your ability to respond to cyberattacks. The National Institute of Standards and Technology (NIST) defines cyber resiliency as: “The ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.”
This definition makes two assumptions:
  • Your operations will be subjected to some level of cyber assault.
    • Experts say a cyberattack of some kind occurs roughly every 40 seconds, piling up to about 2,200 in a day.
    • About half of those attacks target small to midsize businesses (SMBs).
  • You must prepare your organization to respond to this continual threat.
    • Analysts estimate each record stolen in a data breach can cost an affected business $146 on average, amounting to millions of dollars in lost information.
    • Unmitigated attacks can devastate companies, as research shows that about two-thirds of ill-prepared SMBs that suffer security breaches go out of business within six months.
For these reasons, we encourage SMBs to undertake rigorous incident response planning. Here’s a three-step approach:
  1. Implement basic protections. Manage risk by being ready to respond. The more time and technology invested in detecting and avoiding a breach, the fewer resources needed to react and recoup.
  2. Set strategic priorities. Reduce costs by assessing the necessary speed and scale of response. Was customer data breached? If so, you’ll need to prioritize communications and compliance efforts.
  3. Standardize response processes. Collaborate with people within your organization and partners outside it. Practice, review and refine.
Need planning support? We’re ready to help.