How are you increasing your organization’s cyber resiliency? What are you currently targeting for improvement?

My focus is not just cyber resilience but organizational resilience as well, which is not just about reacting to potential cyber threats. It's about moving beyond merely reacting to incidents and becoming proactive in managing risks.

Here in Holland, I've been discussing with peer groups how to cope with business continuity risks like the ongoing conflict between Ukraine and Russia, which is a significant concern as it's relatively close to us. If the situation escalates, it could lead to widespread power outages in Europe, disrupting banking systems or cloud services, although most of the latter are based in America. Organizations need to understand what their available capabilities are in those scenarios and have a plan in place. It's also crucial to train your staff accordingly to ensure they’re prepared.

Governments in Western Europe, including ours, are increasingly focused on the resilience of organizations. It's not just about considering all possible risks, but understanding the critical components of your organization that need to be ready for any eventuality. Improving resilience requires collaboration between the CISO, communications, marketing, C-level executives, and internal risk management so that, as an organization, you understand what’s critical for operations, how services are organized, and what can be done if critical infrastructure fails.

We're focusing on integrating continuous risk assessment into our operations and enhancing our response strategies. By regularly updating our risk profile and aligning it with our disaster recovery efforts, we're "ensuring" that we can swiftly adapt to emerging threats and minimize potential disruptions.

It always starts with building a risk profile and D&R plan with cyber being a critical element of the D&R plan.