True cyber resilience is a business enabler

Issue 4 2023 Security Services & Risk Management, Information Security


Patrick Evans.

“Cyber resilience is about much more than just cybersecurity. It’s about preventing operational disruptions of all kinds that may impact your profitability, productivity, and reputation,” says Patrick Evans, CEO of SLVA Cybersecurity.

South Africans are renowned for their resilience when facing a multitude of problems – from the high cost of living to rolling blackouts. However, the resilience of the average South African citizen is not always matched by the resilience of the businesses they run.

Your business – small or an enterprise – needs to be able to deal with things like power disruptions, unpredictable weather or civil disobedience, and for these you should have plans and contingencies ready, designed to cater for such disruptions. So when organisations are ‘secure by design’, they are more than just cyber secure, they are cyber resilient.

A resilience mindset

The problem is that too often, board members think of cyber as mainly a compliance scenario, rather than an enabler of the business. Moreover, while companies today often have a chief information security officer (CISO), they seldom receive the privilege of being part of the C-suite, and typically report to the CIO.

The reality is that cyber resilience requires a shift in the mindset and culture of the organisation. The first shift is that one needs to work from the assumption that your business operations will be interrupted at some point due to a cyberattack. This change in mindset is required by business leaders and executives, who need to start thinking about what resilient measures they can put in place across the company’s people, processes, and technology.

Until the board accepts that cybersecurity can serve as a business enabler, they won’t achieve this mind shift. And the reason it is an enabler is simple: a cyberattack will inevitably create operational disruption, which in turn impacts profitability, productivity, and even your company’s reputation in the market.

If you are a national or international business, the impact of such a disruption may be measured in millions of rands. To prevent this, business leaders have to engage in careful planning to ensure their organisations are able to withstand whatever the world throws at them.

A holistic, robust programme

Implementing a cyber resilience programme is imperative because cyber is more than IT, it is something that literally touches every part of your business. A robust programme will help you to understand which are your critical environments, the benefits they bring to the business, and the risk they pose to the company should they fail.

Such a programme views the business holistically, so for example you may need to make sure your supply chain is resilient, and that everybody you're dealing with – whether they're online or not – has the same, or similar, measures in place. You should come at this from a risk management point of view, seeking to understand the business risk first, before worrying about the cyber risk.

Of course, in order to help make the business more resilient, it is crucial that the right behaviour is inculcated in employees: How should they react in the event of a disaster? Does everybody know what the playbook looks like? How do they know what they need to do?

The question, then, is how to implement true cyber resilience. Part of the answer is to use a methodology that begins with communicating to everybody what the business is doing. You need to discover the current state of things and analyse those findings accordingly.

You also need to understand what your business-critical data and business-critical processes are. In other words, which applications are crucial to business operations. A good example is that your business may run SAP, but you still need to understand which aspects of SAP are the most critical to keep operational in a disaster.

Plan for change

Then you need to ensure that all the people that need to know the details and play a part in the plan are empowered to do that. Lastly, you need to continuously test and update the plan, because businesses aren't static, they change continuously.

Of course, being able to anticipate cyberattacks remains a key aspect of staying resilient, and there are mechanisms available to help businesses understand whether they're going to be targeted or not.

Ultimately, the best way to build cyber resilience is to first make sure that everybody understands what the business objectives are. From there, you build backwards from these objectives, determining the risks inherent in the objectives, and crafting a cybersecurity plan that has technology resilience built into it – by ensuring that the business priorities align with your people, processes and technologies and that the plan aligns to, and supports, the business effectively.

We call this secure by design.

Find out more at www.slva-cs.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity recovery matters most
Security Services & Risk Management
As cyberattacks grow more targeted, more destructive, and increasingly aimed at the very fabric of trust within the enterprise, the ability to restore identities has become just as critical as restoring data.

Read more...
ISO 27701 helps demonstrate privacy compliance beyond POPIA
Security Services & Risk Management
ISO 27701 include privacy-specific controls and provides a structured way to manage Personally Identifiable Information (PII) throughout its lifecycle, giving organisations a way to demonstrate how privacy is managed.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
The risk at the edge of South Africa’s agriculture supply chain
Security Services & Risk Management Agriculture (Industry) Logistics (Industry)
Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies are not attractive targets for cybercriminals. Unfortunately, that belief is precisely what makes them one.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Break the silence on fraud
Security Services & Risk Management
We are entering a new era of fraud, one defined by groups that operate across borders, using advanced digital tools and impersonation tactics to deceive victims and wear down communities' trust and financial security.

Read more...
Africa’s white-collar crime landscape
Security Services & Risk Management
White-collar crime in Africa is no longer a predominantly domestic concern; it has expanded onto the international stage, and so too has the corporate exposure that accompanies it.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.