World Economic Forum
Building on a previous report, Unpacking Cyber Resilience, this publication delves into the practical aspects of cyber resilience, offering insights drawn from the front-line practices of leading organisations globally. It emphasises the need to move beyond technical solutions and develop comprehensive strategies that align with business objectives.
Cyber resilience goes beyond traditional cybersecurity; it is an organisation’s ability to minimise the impact of significant cyber incidents on its primary business goals and objectives.
Developed through consultations and workshops with cybersecurity practitioners, the report seeks to answer:
- What have they done to cope with threats posed to their organisations?
- What worked for them?
- What failed?
Ultimately, this work distils real-world lessons on what works – and what does not – when confronting cyber risks. It states that cyber resilience is a practice, not a theory, and that sharing learnings about “what works” is key to building collective knowledge in the field.
Organisations can use the Cyber Resilience Compass to share cyber resilience approaches that work best in practice.
7 Categories for Resilience
The Cyber Resilience Compass systemises numerous concrete front-line practices into seven interrelated categories:
- Leadership
- Governance, risk and compliance
- People and culture
- Business processes
- Technical systems
- Crisis management
- Ecosystem engagement
As a vehicle for sharing front-line practices and experiences, the Cyber Resilience Compass seeks to provide valuable insights that help organisations develop and refine their cyber resilience journey.
The Cyber Resilience Compass is not a static tool; rather, it serves as a dynamic resource for leaders and organisations to identify front-line practices, share experiences and exchange insights to enhance their cyber resilience journey.