Cyber Resilience: What is it? How is it different from cyber security?


Cyber criminals spend all of their time evolving their attack methods. That means healthcare CISOs and CIOs should always be looking for better ways to adapt their approach and stay on top of their organization’s unique risks.

The adage that your security systems have to win every time, but the attacker only has to win once, is a painful reality.

We believe that the Cyber Resilience perspective (or movement, if you will) provides some of the most comprehensive and powerful mental models for how to address three key areas: information security, operations continuity, and organizational strength and hardiness.

In our upcoming live event in New Jersey – co-sponsored with the New Jersey Hospital Association and the HITRUST Alliance – we will be exploring the four pillars of Cyber Resiliency, as well as how the HITRUST CSF improves cyber resilience.

But for now, let’s dive into the concept and briefly explain what Cyber Resilience is and how it differs from Cyber Security.

What is Cyber Resilience?

[Image: Info Sec Pyramid]

Cyber Resilience is an organization’s ability to continuously deliver intended services, operations and outcomes despite the occurrence of cyber events. Those events may create an adverse impact on people, information, technologies, systems and facilities.

Resilience is evident in the ability to restore and resume core operational and service functions both during and after cyber events, as well as the capability to continuously change or modify necessary delivery mechanisms to adjust to new or potential risks.

What is the Difference between Cyber Security and Cyber Resilience?

The distinct advantage of a Cyber Security approach is that you’re looking at security through the wider lens of continuity when an event occurs – not just focusing on prevention if an event occurs.

This mental and cultural shift may seem small, but it changes the approach and attitude of the entire organization and puts security in the same realm as emergency preparedness.

[Image: Cyber Sec vs Cyber Resilience]

The Four Pillars

The other aspect of Cyber Resilience that makes it novel and powerful is its equal focus on four areas.

These four areas are Preparation, Prevention, Response, and Recovery.

We’ll explore these four areas in a future blog, but, as you can see, these areas balance the view and approach to Cyber Security with a more holistic and enterprise-operational view.

If you’re a provider or business associate in the Princeton, New Jersey region, please register to attend the live Community Extension Program event co-hosted by the New Jersey Hospital Association, BluePrint Healthcare IT and the HITRUST Alliance.