Cyber resilience is directly proportional to an organization's data governance maturity. If a company hasn't properly documented the value and business impact of their data with respect to their critical business processes, it is impossible for it to have cyber resiliency.

—Kevin L. Jackson

INTRODUCTION

We discussed in the last chapter that technology will address what appear to be technological problems, but not human behavior. There are currently many capabilities available from various cybersecurity solutions to mitigate technical cyber threats. Traditional cybersecurity measures no longer ensure adequate information, data, and network security. As the last four chapters show, adverse cyber incidents negatively impact organizations' confidentiality, integrity, and availability. These incidents may be purposeful or inadvertent ones caused by misconfigured software, human errors, misaligned cybersecurity strategy, or a combination of factors. This is where cyber resilience comes in. Cyber Resilience, What is it? Why should BOD members and C-LEs understand cyber resilience now? Organizations, in general, have a severe problem. They don't typically know which elements of their infrastructure are vulnerable, how deep the cyber-attackers are, what access they have, and what tools they are using. Cyber resilience helps to provide insight into whether an organization can respond technologically to a cyber disruption ...