6 Resilience and Crisis Management

6.1. How to ensure resilience?

Among the organizations that manage a large CSIRP, 54% (53% in France) do not conduct regular stress tests. More than one in two organizations admit to having been the target of an incident or data breach in the past 12 months.

However, according to another IBM-sponsored Ponemon Institute study, companies that contained a data breach in less than 30 days saved more than $1 million on the total cost of the incident.

Guides or assessment tools have been developed for SMEs by national information system security agencies (or equivalent) to help companies assess their needs and put in place the main measures to ensure the company’s resilience.

The Swiss Confederation has developed an ICT standard, which provides Swiss companies, particularly critical infrastructure operators in Switzerland, with guidelines for improving the resilience of their IT systems and infrastructures to cyber-risks.

The standard includes a reference guide with organizational or technical principles to protect against cyber threats. In addition, it provides a tool that allows companies to assess the degree of their IT resilience (or have it audited by external parties).

It also gives companies a framework with a series of concrete measures to implement: identify, protect, detect (set up permanent network monitoring to detect potential cybersecurity incidents and to ensure that malware can be detected), react, ...
