By Kris Lovejoy, Global Cybersecurity and Resiliency Leader at Kyndryl

Are organizations really prepared for IT disruptions? Most companies think so.

According to a new Kyndryl survey, 88% of respondents said their organization is well prepared to manage and recover from any adverse conditions, cyberattacks or compromises that disrupt their IT assets. However, there’s a disconnect between overconfident thinking and the reality that 92% of respondents said their organization experienced adverse events in the last two years.

Kyndryl surveyed 300 IT decision-makers from large enterprises to learn about the adversity they’ve faced, the risks they’re most concerned about and their cyber resilience strategies — meaning how well they can anticipate, protect against, withstand and recover from disruptions.

How organizations manage cyber risk is within their control to an extent. Whether organizations see a long road ahead in managing IT risks or feel confident they are on their way to success, there’s an opportunity to justify this confidence.

Here are seven strategies organizations can take to chart a path toward cyber resilience.

1. Engage the business from the start — and break down silos  

IT organizations too often operate in a silo, separate from other parts of the business. The surest way for a cyber resilience strategy to succeed is to break the silo. Invite people who aren’t in IT to the table and anchor conversations about cyber resilience in the organization’s mission. Make resilience part of the organizational culture. 

2. Take inventory 

Many organizations are challenged by an ever-expanding and complex IT footprint. It’s important to identify and map critical IT assets that will sustain and move business objectives. These assets will be the top priority to protect and, at worst, recover following an adverse event.

3. Move to a zero-trust framework 

It’s important to have a deny-by-default standard to ensure that only those who need to access systems can get it, while those who do not need to, can’t.

4. Establish a crisis management plan — and drill it  

Sometimes adverse events are unavoidable. Case in point: human error is the most anticipated cause of IT disruptions. Defining roles and responsibilities across teams, establishing a communication process, documenting processes and improving transparency often helps reduce the impact of an adverse event. Once a plan is created, it’s important to test it regularly.

5. Continuously modernize your cyber resilience strategy 

Business goals shift, IT estates becomes more complex and external forces like regulations can require changes. To ensure your cyber resilience strategy is effective, these foundational steps must be part of an ongoing discussion.

6. Implement a robust cyber incident recovery plan 

As digital transformation and hyper-convergence create unintended gateways to cyber risks, vulnerabilities, attacks and failures, a cyber resiliency strategy quickly becomes necessary. A cyber resiliency strategy helps organizations reduce risks, financial impact and reputational damages.

7. Inform management and the board of directors often 

Most important, do not wait until it is too late. Keeping company leadership and its respective board informed about cyber events and other IT risks — including plans to mitigate those risks — can help drive top-down organizational alignment and the changes necessary to ensure cyber-enabled systems can remain operational during adverse events.

With a strong cyber resilience strategy in place, companies can keep pace with the rapidly evolving digital environment and the increasingly more sophisticated cyber threats, while also ensuring swift recovery in the event of an attack.

In recognition of Cybersecurity Awareness Month, this is the first installment of a weekly series in October that highlights how organizations can anticipate, protect against, withstand and recover from cyberattacks.