Intelligent Business Research Services

IBRS Service Pack
Building Organisational Cyber Resilience

With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk into a strategic enterprise risk. Cyber attacks are now being perpetrated by well-resourced criminal syndicates and, increasingly, state actors. At the same time, the risk of a compromise for most organisations is growing with the acceleration of digital transformation and the adoption of technologies such as Cloud services, analytics and IoT. The threat landscape is further compounded by increased regulatory and compliance requirements.

Recognising that a cyber compromise is almost inevitable, organisations are now focusing on improving their resilience to a cyber incident. Most organisations now have cyber resilience programs in place which not only protect and defend their key information assets but also leave them well placed to respond should a cyber incident occur.

Our Cyber Strategy, Roadmap and Implementation Advisory services are designed to assist you on your Cyber Resilience journey.

Top 5 lessons learnt in cyber security - IBRS observations 2020


Lessons Learnt and Comments

1. Engage at board level
  • Cyber security is now an enterprise-level and national risk. It is a key accountability for most boards, and they require oversight of the risk profile of their organisation. This provides an opportunity for CISOs and CIOs to engage directly with boards.
  • Cyber threats are constantly evolving, and maintaining a defined level of resilience needs a continuous and appropriate level of investment in cyber security.

2. Adopt a cyber resilience framework or standard
  • Cyber resilience has historically relied on technical defences. Effective cyber resilience now requires a more holistic approach to identifying threats, protecting key assets, detecting unusual activity and responding to incidents.
  • The Australian Signals Directorate (ASD) top 8 controls are effective in preventing incidents. Organisations should also consider implementing a framework such as the National Institute of Standards and Technology (NIST) security framework.

3. Identify critical information assets and where they are located
  • The first step to protecting an organisation’s information assets is to identify what those key assets are, where they are located and who controls access to them.
  • Assets include systems and databases required for critical business operations, personal information, and infrastructure assets such as Active Directory, networks and firewalls.

4. Recognise the current threat landscape
  • To prevent a cyber incident and to respond effectively, organisations need to:
    • Be aware of threats from external actors as well as internal threats. For example, staff awareness of the threats posed by phishing emails is a must.
    • Understand their current vulnerabilities and risk profile, and mitigate according to their risk appetite.

5. Develop a Cyber Incident Response plan
  • Cyber incidents typically progress through key stages such as Detection, Containment, Eradication and Recovery.
  • A cyber resilient organisation will have a well-rehearsed Cyber Incident Response plan which addresses the response for the most common cyber scenarios. This is complemented by capable response teams with clear roles and responsibilities, and by specialist response partners which augment internal capability.

Dr Philip Nesci

"Cyber incidents and the protection of information have now taken enterprise and national significance. Organisations will need to learn how to operate securely in a zero trust world."

IBRS Observations 2020

  • According to the UK government’s Cyber Security Breaches Survey 2019, the most common types of cyber incidents include:
    • Phishing, involved in approximately 32% of data breaches.
    • Ransomware attacks.
    • DDoS (distributed denial-of-service) attacks.
    • Various types of malware, such as drive-by attacks through the Internet browser, zero-day attacks and SQL injections.
    • Accidental or deliberate loss of information assets, sometimes caused by an internal actor.
  • A cyber security incident can have a catastrophic impact on an organisation, ranging from the cost of business interruption and loss of trust from key stakeholders to diminished brand value, reduced long-term profitability and financial penalties for data privacy breaches.
  • Cyber security is a top business risk that requires board focus, and the Australian Government has elevated it to the national agenda with its recently released cyber security strategy.
  • A well-developed and regularly exercised Cyber Incident Response Plan is critical for organisational cyber resilience and response. While a real incident evolves differently from established plans, a well-executed response can dramatically limit the damage and improve the recovery time of an incident.

Supporting Advisory Resources

To get you started on your journey, IBRS would like to offer you a download of our Advisory paper: Improving your organisation's cyber resilience.