Cyber resilience extends beyond cyber security, focusing on an organisation’s ability to quickly detect and respond to a cyber attack (or incident), whilst maintaining its core business operations and purpose. 

As business environments become increasingly complex and interconnected, there is recognition across every industry of the importance of preparedness, adaptability and resilience. In recent years, companies have learned the difficult lesson that if a cybert hreat or ransomware attack didn’t shut down the organisation for days, weeks or even months, a fire, hurricane or pandemic certainly could. No matter the industry sector or supply chain complexity, companies have discovered rather quickly just how vulnerable they are.

Recent crisis events across industries have increased executive awareness and internal pressure to create, test and assess organisational recovery plans. These include Business Continuity Plans, IT Disaster Recovery Plans, Critical Incident Management Plans and Cyber Incident Recovery Plans, amongst others.

Overview of Services

Our team have extensive experience in supporting organisations with their cyber resilience. Some of our services include the following:

• Development of an Cyber Security Disaster Recovery Plan;
• Development of an Cyber Security Business Continuity Plan;
•  Review and update of Disaster Recovery Plans to include key IT and cyber security components; 
• Review and update of Business Continuity Plans to include key IT and cyber security components; 
• Conducting a Business Impact Assessment to understand key inputs into cyber resilience planning, and recovery efforts; 
• Gap analysis and current state assessment against industry standards and best practices such as ISO 22301, 22317, 27031 and requirements of APRA CPS 230, Essential Eight and AS/NZS 5050:2010 frameworks;
• Developing and implementing process mapping, operational risk frameworks, policies, procedures, and tools that are aligned with CPS 230; 
• Development, review and gap assessment for Ransomware, Data Breach response playbooks and procedures;
• Insider Threat assessments;
• Training and awareness programs on operational risk management for boards, senior management, and staff;
• Supporting with the development of metrics for cyber resilience planning, including:
  • Recovery Point Objective;
  • Recovery Time Objective;
  • Maximum Tolerable Outage; 
  • Mean Time to Detect/Identify;
  • Mean Time to Contain; and
  • Mean Time to Respond, amongst others. 
• Supporting with the identification of key stakeholders, and third parties to be involved in cyber resilience efforts during a disaster; 
• Facilitating scenarios where organisations can engage in real-life testing of their cyber resilience plan; and 
•  Supporting with the use of, and selection of fit for purpose security tooling to enable real time detection and response to cyber security threats, attacks, and incidents. 

The impacts of a disaster include cost, time to recover, as well as reputation, just to name a few. We all have heard on the news about various organisations not being adequately prepared, able to respond to, or maintain business operations during a cyber security incident. 

It is time to act now. Get in touch with RSM to see how we can be of assistance. 
 

KEY CONTACTS