Business Continuity, Cyber Resilience and Security
(Image Source: https://pixabay.com/en/blind-men-elephant-story-feel-see-1458438/; Use under CC0 1.0)
I had the privilege to attend a forum hosted by Business Continuity Institute (BCI) Vancouver chapter over this past week. At the forum, we discussed the BCI Cyber Resilience Report 2017. I was invited as a speaker to share my perspective as a security professional in the industry.
I have to admit I know very little about business continuity before I step in to the forum. I have heard of BCI, but that’s mostly from my days attending business school. Beyond that, my understanding of business continuity is, pretty much, about someone who specializes in keeping a business running. After listening to the attendees at the forum, I learned that business continuity actually covers a wide range of topics, from hurricane forecast to disaster recovery and emergency preparedness.
Undoubtingly, digital transformation is real. As many more organizations rely on technology for its operations, the concept of cyber resilience becomes a topic of concern for many businesses. Alike the picture above, we can all be describing the same elephant (information/cyber security), yet due to our different perspectives, our perception on information security or cybersecurity can be dramatically different. Within our industry, cyber insurance is now gaining full momentum to mainstream market. The concept of resilience and insurance often goes hand-in-hand. There are four recommendations from the BCI report, which can serve as a reflection point for us. First, BCI encourages a closer collaboration between business continuity colleagues and information/cyber security colleagues. Second, reputation management remains important in any cyber resilience agenda. Third, an organization’s cyber resilience is influenced by the cyber resilience of its supply chain. Lastly, legislative and regulatory changes will have a detrimental effect to cyber resilience and an organization’s effort.
Whether we agree with the report, or not, may not be as important as we recognize the perspectives from other disciplines. Wouldn’t it be great if we can know of ‘the elephant’ from more angles than anyone else?