To lower enterprise risk, get cyber resilient

The digital transformation of business puts information technology at the center of your enterprise. At the same time, it greatly expands risks to the enterprise. As these cyber risks become central to both operational and business risk, they’ll have a greater influence on the enterprise’s overall risk.

What you need is cyber resilience.

That’s the ability of your enterprise to keep its transformed business models efficient and effective in the face of increased IT system threats from nation states, criminals, competitors, insiders, the supply chain and even the weather. This resilience also applies to legal, regulatory and political changes.

Organizations that develop strong cyber resilience also deliver strategic benefits to their CEOs and boards. By showing the interrelationships among IT, operational and business risk, cyber resilience delivers a better understanding of cost and benefit. New business opportunities can be pursued with greater confidence, too.

Any element of effective enterprise risk management, including cyber risk, needs to be interdisciplinary. This means involving not only the Chief Risk Officer, but also the CIO, CEO and line-of-business executives. An interdisciplinary approach also connects enterprise risk with the effective management of cyber resilience through a series of practical steps.

Cyber damage

Get this wrong, and the consequences could be dire. An enterprise that fails to achieve cyber resilience can suffer instant brand damage, data loss and disruption, and enterprise embarrassment. A company that mismanages enterprise risk may also see its stock price and market cap decline, its operating costs and legal liability rise, and its executive and organizational reputation plummet.

To seek these new levels of enterprise risk resilience, organizations need not only processes and technologies, but also principles. While many supervisory boards are aware of enterprise risk, they often lack a common set of guiding principles to manage cyber risks. But this type of guidance is essential.

Governance should start at the top with directors, risk committee members and C-level executives. For example, the finance industry uses a three-tier model. The top level provides the independent oversight (including audit and regulatory), the middle level provides the enterprise governance, and the bottom level defines how to address risks.

Improved cyber resilience can deliver many benefits. Organizations that gain a better understanding of — and response to — risk can adapt and change more quickly than their competitors. Business agility can lead the way to new projects, acquisitions and other fruitful opportunities.

Read more in the position paper, “Managing Enterprise Risk in a Connected World.”

Chris Moyer is chief technology officer for Security at DXC Technology. He has spent more than 25 years building business and technology solutions for clients in several industries across multiple geographies. In previous roles, he has led solutioning, transformation projects and delivery assurance. He is also a member of the Institute of Electrical and Electronics Engineers. Connect with him on Twitter and LinkedIn.

