Cyber resilience describes a growing focus on an organization’s ability to respond to and recover from a cybersecurity incident. The thinking about information security has changed over the years. The saying “it’s not if we suffer an incident, but when” has evolved into “it’s not when, but how many times.” Maintaining business operations while also maintaining the confidentiality, integrity, and availability of critical information is the key to achieving cyber resilience.
Many organizational leaders realize that their employees lack the skills necessary to achieve strong cyber resilience. Further complicating matters is the shortage of job candidates who have the skills and experience necessary.
In a survey of 633 cybersecurity professionals by ISACA, 37 percent of respondents said that fewer than 25 percent of job candidates are qualified for open cybersecurity positions.
In addition, it is not uncommon for personnel to be unaware of where responsibility for a breach lies within the organization.
A survey of 221 C-suite executives and 984 IT decision-makers by cybersecurity firm BAE Systems found 35 percent of the C-suite respondents said IT is responsible for handling a breach, while 50 percent of IT decision-makers said it is the responsibility of senior management.
Without clearly defined responsibilities and a common understanding of those responsibilities (documentation alone is not sufficient), even skilled individuals are not able to react and respond effectively. Not being able to make decisions quickly in an incident response scenario can delay efforts and exacerbate the breach exposure.
In order to have the internal resources required for a strong cyber-resilience program, it is important for an organization to employ individuals with relevant skills and experience in the following crucial areas.
The world of cybersecurity is vast, and not every organization possesses the resources to address every area. So what steps can an organization take to address areas in which it lacks the necessary resources?
Let us know if your organization has had to deal with a shortage of qualified job candidates for cybersecurity positions or a lack of internal cybersecurity resources and what you did to address the problem.
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2017 Crowe Horwath LLP, an independent member of Crowe Horwath International.