Practice paper

Redefining cyber resilience: Through the risk register lens

Ria Thomas
Journal of Business Continuity & Emergency Planning, 18 (1), 75-83 (2024)
https://doi.org/10.69554/ZLZM8911

Abstract

Resilience is deeper than maintaining a company’s operations and services in the face of significant disruptions. It is the ability of a business to withstand, pivot and continue to grow in the face of a significant threat. To achieve resilience, companies must have an integrated, end-to-end understanding of how a specific threat magnifies the risks identified on their risk register, and what measures are needed across the enterprise to address the amplification of those risks. This paper details how the need for a holistic approach is especially important for cyber crises, compared with other types of crises, because they tend to have more broad-ranging impacts and complexities, such as: unclear timelines, lack of public empathy, unpredictable human threat actor(s), as well as a broader set of internal and external stakeholders that need to be engaged. Unlike other crises, cyber crises have the potential to magnify most — if not all — of the risks on the risk register. As such, cyber resilience requires ensuring that key stakeholders, whether shareholders, customers, regulators, business partners, employees, etc, stay resolute in their faith in a company and its leadership’s ability to navigate the increasingly complex issues related to cyber risks and how these issues are addressed enterprise-wide, not purely seen through the lens of technical or operational resilience. To achieve cyber resilience, organisations must develop and implement programmes that integrate both the technical and the broader business measures needed to limit fallout, demonstrate leadership through cyber crises, and deepen trust regardless of the potential severity of the impact.

Keywords: enterprise resilience; cyber resilience; risk register; operational resilience; financial risks; incident response; cyber crisis; preparedness

The full article is available to subscribers to the journal.

Author's Biography

Ria Thomas is Senior Vice President and Head of Cyber Enterprise Resilience at Truist, where she leads cross-organisational, multi-stakeholder efforts to deepen enterprise-wide cyber resilience. She has advised boards of directors, executive leadership and crisis management teams at over two dozen large global firms as they navigated live cyber crises, in addition to a range of global critical infrastructure firms on crisis preparedness and enterprise resilience strategies. She spent the first decade of her career with the US government as an international security expert. Over the last decade, she has led cyber and resiliency practices for management consulting firms across multiple markets, including the USA, UK, Europe, Middle East, and Asia. A New York licensed attorney, Ms Thomas has a JD from Georgetown Law and a BA from American University, DC. She writes and speaks extensively on enterprise resilience, with a focus on cyber-based business risks.

Citation

Thomas, Ria (2024, September 1). Redefining cyber resilience: Through the risk register lens. In the Journal of Business Continuity & Emergency Planning, Volume 18, Issue 1. https://doi.org/10.69554/ZLZM8911.

Journal of Business Continuity & Emergency Planning, Volume 18 / Issue 1
© Henry Stewart Publications LLP
