Embedding resilience: Becoming cyber resilient through accepting the threat

The “why” of cyber resilience sets the vision, policies, risk appetite, risk tolerance, and strategic direction.

A comprehensive governance and strategy framework is at the heart of any cyber resilience program. This building block functions as the command centre of cyber resilience, setting the overarching vision, establishing critical policies, and defining the organisation’s risk appetite alongside its strategic direction. Meticulously mapping internal policies to the requirements of various external frameworks creates a resilient and compliant operational environment.

• Leadership commitment and clear accountability
• Risk management and asset identification (aligns with NIST’s Identify function and ISO’s context and leadership clauses)
• Integration of cyber resilience into business continuity planning
• Regular review and refinement of policies to address evolving threats
• Regulatory and legal compliance, mapping to relevant standards
• Organisational value alignment; cyber strategies support business objectives and value generation
• Reporting structures and escalation pathways
• Investment prioritization
• Operational dependency mapping
• Operational Impact analysis (BIA)

The traditional defence layer implements technical and procedural safeguards to minimise the likelihood of breaches.

Having all the technical and procedural safeguards in place helps maintain a vigilant stance and enhances the continuous monitoring of the security posture. In essence, while the protect and secure element aims to prevent incidents through a layered defence approach, it is also a critical foundation that supports the other building blocks of cyber resilience.

• Deliberate security architectures aligned to organisational goals, objectives, and structures
• Resilience by design principles
• Supply chain security controls
• Security culture and capability development
• Access controls, encryption, and network security measures
• Endpoint and application security
• Regular vulnerability assessments, patch management, and continuous security and business alignment validation
• Alignment with the “Protect” function of NIST and the Annex A controls of ISO 27001

Ensures the organisation can effectively respond to incidents while maintaining critical business operations, minimising impact, and returning to normal functioning.

Acknowledging that no security posture is impervious to all threats, this building block integrates incident response capabilities with business continuity planning. This integrated approach is particularly distinctive in that it assumes incidents are inevitable and thus focuses on both swift tactical response and sustained operational resilience. By combining these elements, organisations can minimise downtime, maintain service delivery, and preserve customer trust throughout the incident lifecycle.

• Incident response planning and crisis management frameworks
• Business continuity strategies aligned with organisational priorities
• Cross-functional coordination with clearly defined roles and responsibilities
• Real-time damage assessment tied to operational impact metrics
• Predefined operational priorities to guide resource allocation during incidents
• Alternative processing capabilities for critical business functions
• Systematic restoration procedures following predetermined sequence priorities
• Stakeholder communication protocols scaled by incident severity
• Redundancy in systems and data processing capabilities
• Service Level Resilience Objectives that balance security and operational requirements
• Supply chain security and third-party risk management
• Simulated exercises and tabletop drills to validate response and continuity measures
• Processes for rapid containment and eradication of threats
• Operational dependency mapping to identify critical business pathways

Post-incident reviews to assess effectiveness and identify improvements

A continuous learning loop that leverages threat intelligence, real-time monitoring, and post-incident analysis to evolve defences and responses.

The intelligence and adaption block ensures that organisations can systematically analyse the value of their current defences and make informed adjustments where necessary. Moreover, the adaption process involves internalizing lessons learned from post-incident reviews and active engagement with external intelligence sources and collaborative industry networks. This ensures that our organisations learn and grow from our own experiences and also from those of other organisations. It also ensures that we remain at the forefront of best practices and can continually refine our policies and processes to meet new challenges head-on.

• Proactive threat hunting and continuous monitoring
• Intelligence-led testing and validation
• Analytics, reporting, and feedback mechanisms
• Emerging Tech impact assessments
• Predictive analytics
• Incorporation of lessons learned into strategy, policy, and process updates
• Engagement with external intelligence sources and collaboration with industry peers
• Review of emerging threats and recommendations regarding strategy, policy, and process