Cyber and Information Security is a business-wide risk, not just an IT problem or planning issue. It must be treated as an integral part of normal business risk management processes. Normalisation is key. Cyber risk should be viewed just like any other risk that an organisation must contend with to fulfil its goals.
A holistic approach is required to protect an organisation against multiple threats and vulnerabilities, one that covers both the defences employed and the resources available for mitigating a security failure after it happens.
Cyber resilience encompasses cyber security and business continuity management and is the ability of systems and organisations to withstand cyber events and defend against cyber-attacks.
The Network and Information Systems Directive (NIS) requires organisations operating in critical sectors of the economy to ensure a robust level of “cyber resilience”.