Abstract

With the current high risk of cyber incidents, whether caused by malicious cyber criminals or by accidents, there is a latent need for cyber resilience. This discipline is broader than the traditional cybersecurity concept, as it aims to give companies an adaptability such that they are “safe-to-fail”, i.e. that companies are capable of facing cyber incidents and still continue their operations or recover quickly. Although cyber resilience is a desirable capability in companies, it is not easy to operationalize because it requires knowledge, experience, strategic planning and decision-making capabilities. These characteristics are not easily found in companies that are starting their cyber resilience building process, such as SMEs. Moreover, the current literature offers documents to aid in the operationalization of cyber resilience by giving companies several actions or policies that build cyber resilience, but information on how to strategize an effective cyber resilience building process is often scarce. Therefore, this article proposes a strategic planning and self-assessment tool to aid companies in the strategic planning of cyber resilience building. This tool contains the most important cyber resilience policies for SMEs and natural progressions for them, obtained from the experience of 11 experts. With these progressions, companies can obtain insights into what their current state is in each policy and what actions they can perform in order to improve that state. Thus, the tool can be helpful in developing effective action plans for cyber resilience building.

Keywords: Cyber resilience; Strategic planning; Self-assessment tool
