ORSYS le mag 2025 logo

The training and skills medium

Home > Cybersecurity glossary > Resilience

Resilience

La resilience in cybersecurity designates the an organisation's ability to anticipate, withstand, adapt to and sustainably recover from a cyber attack or security incidentwhile ensuring the continuity of its critical operations.

This approach goes well beyond simple prevention, by incorporating a more holistic approach. a proactive and evolving strategy to minimise the technical, financial, operational and reputational impact.

Key components

To build effective resilience, a number of key components need to be implemented:

  1. Anticipation and preparation
    • Identifying emerging threats : ongoing analysis of risks, in particular the evolution of ransomwaredata leaks and other sophisticated attack vectors.
    • Crisis scenarios and response plans Action plans: drawing up and regularly updating action plans for various incident scenarios.
    • Strategic intelligence Threat intelligence: implementing technological intelligence and threat intelligence to anticipate new forms of attack and adapt defence strategies.
  2. Resistance and defence
    • Strengthening infrastructures adoption of robust security architectures, such as the Zero Trust and network segmentation, to limit the spread of possible compromises.
    • Reducing the attack surface : implementation of hardening systems (hardening), strict access controls and rigorous management of vulnerabilities.
  3. Adaptation and learning
    • Feedback In-depth analysis of past incidents in order to learn from them and continually improve security processes.
    • Self-repair mechanisms Backup: integration of automated solutions such as offline backups, fast recovery systems and failover mechanisms to redundant infrastructures.
  4. Recovery and communication
    • Resumption of operations Business continuity plans (PCA) and disaster recovery (PRA) to rapidly restore essential services, with clear objectives of RTO (Recovery Time Objective) and RPO (Recovery Point Objective).
    • Transparency and crisis management Proactive and transparent communication with all stakeholders (customers, partners, regulatory authorities) to maintain trust and meet legal requirements.

Application examples

  • Ransomware In the event of an attack, a resilient organisation will be able to recover encrypted data thanks to secure, regularly-tested back-ups, or even restore it using back-up systems.
  • Attacks by denial of service (DDoS) Thanks to partnerships with specialist mitigation suppliers, a company can ensure continuity of service even when the network is highly saturated.
  • Data leaks Activating a crisis management plan will not only enable the authorities and users concerned to be notified quickly, but also enable corrective measures to be implemented to prevent further compromises.

Differentiation from traditional security

  • Traditional cyber security often focused on prevention and protection (firewallsantivirus, intrusion detection systems).
  • Resilient approach Security management: accepting that incidents can occur despite preventive measures. It focuses on the organisation's ability to contain the impact of an attack, adapt quickly and learn from it to strengthen its security posture in the long term.

Associated tools and practices

  • Continuity and recovery plans (PCA/PRA) Structuring procedures to maintain or restore critical operations.
  • Simulation exercises regular organisation of war gamesThese are used to prepare teams and validate the effectiveness of action plans.
  • Cyberinsurance taking out insurance policies to cover financial losses and reduce the economic impact of cyber incidents.
  • Collaboration and information sharing These include active participation in sector networks, the exchange of indicators of compromise and collaboration with CERT (Computer Emergency Response Teams).

Reference frameworks and international standards

  • NIST Cybersecurity Framework (CSF) This framework incorporates resilience via the "resilience" functions. Respond "and Recover "This document provides guidelines for strengthening incident response capability.
  • ISO/IEC 27001 risk management: an international standard that requires risk management to include incident preparedness, with a focus on continuous process improvement.
  • Directive NIS 2 (EU) The European Union's new cyber security policy, which requires critical organisations to put in place enhanced measures to ensure their operational resilience in the face of cyber threats.

Current challenges and future prospects

    • Supply chain management Strengthening the security of interconnected ecosystems, including suppliers and partners, in order to limit the risks of compromise through domino effects.
    • Human resilience Invest in training and awareness-raising for teams so that they can react effectively under pressure and manage crisis situations.
    • Legal and regulatory compliance Complying with notification obligations (e.g. RGPD) and anticipating legislative changes to secure data and maintain stakeholder confidence.

 

Back to Glossary

field of training

Cybersecurity

associated training

Systems and network security, level 1

Hacking and security, level 1

Information systems security, summary

BEST

Towards the ORSYS Cyber Academy: a free space dedicated to cybersecurity