Understanding the management of cyber resilient systems

Abstract

The digital age characterizes the 21-century by the widespread and conscious use of Information Technology, originating the need for organizations to protect one of the most critical and valuable resources: information. Cyber security was born to protect information systems from cyber-attacks. Organizational resilience refers to the ability of a system to adapt to a change: a very contemporary concept that is finding more and more importance in our continuously changing society, assuming also a greater relevance in the cyber context. Therefore, the ability of organizations to react to cyber-attacks and to evolve to a new robustness after successful outbreaks recalls the concept of resilience and brings to the evolution of this concept into that of cyber resilience. In order to offer a deep insight on the management of cyber resilient systems and to propose a Managerial Cyber Resilience Framework, clarifying the role of context in the correct selection and implementation of different tools and practices, we conducted an exploratory multiple case study analysis in six companies operating in three different industries: consultancy, public administration and banking. The results provide interesting managerial actions to undertake for the management of cyber resilient systems also in consideration of specific contextual factors.