Information breaches—either from outside hackers or from internal mistakes—are fast becoming the new normal. As the question becomes “when” not “if,” smart organizations are shifting from defense to offense, placing greater emphasis on recovery and improvement. It’s a new mindset for information security that requires a total cultural—not just technological—commitment to risk management.

“Creating Cyber Resilience” is a wake-up call for modern organizations dealing with the constant threat of compromise to sensitive information.
“Risks today go far beyond theft of information,” says Gary Davis, Regional Manager, DNV GL Business Assurance North America. “Many organizations have a growing concern for the safety of personnel and the sustainability of their business operations. Cyber security impacts the entire scope of your business.”
Breaches are multiplying in frequency and in type, spreading financial and reputational damage across the global economy. One survey has shown that most businesses in 2019 actually expect to be hacked. That’s the tipping point for cyber resilience.
“If you already believe you are going to be hacked,” says Paige Needling, Information Security Sector Manager for DNV GL Business Assurance North America, “the obvious next step is to hone your response and recovery mechanisms. The only way to recover quickly, and minimize damage, is to have a comprehensive plan that is rehearsed frequently.”
To get organized, and to be fully ready to succeed through a breach, many organizations are adopting the ISO 27001 security standard. It is expressly designed to get everyone in an organization on the same page, which is critical in fighting the single biggest cause of corporate information breaches: confused and misaligned organizations.
“Recovery alone is not resilience,” says Needling. “You don’t want to go back to where you were, that obviously wasn’t good enough. The key is learning from what happened and making concrete improvements. That’s where ISO 27001 is uniquely useful. Once you commit to it, you are constantly monitoring and evaluating your readiness. It keeps your people and your security processes sharp like no software or tech gadget can.”