Make a business continuity plan to achieve real cyber resilience

Cyber risk must be integrated into a company's overall ERM process to ensure it is truly cyber resilient, says Cindy Bodenstein, marketing manager at ContinuitySA.

Johannesburg, 05 May 2017
Read time 2min 30sec

Cyber resilience cannot be considered in isolation, but should rather be considered within the context of the overall business continuity plan, says Cindy Bodenstein, Marketing Manager at ContinuitySA.

She says cyber resilience was chosen as the theme for this year's Business Continuity Awareness Week because of the growing threat of cyber crime, but an integrated response is vital.

"While we need to place more emphasis on making cyber systems more resilient, we do need to guard against seeing these initiatives in isolation," she notes.

The enduring lesson of business continuity's maturation over the years is the importance of looking at the organisation's risk holistically, and then developing a business continuity plan based on that assessment. Risks and their impacts have always been interrelated, and that interrelation has grown over the years. Properly understanding a risk, and how to respond and recover from it, requires knowing how it affects the rest of the organisation's processes and people.

In fact, this growing interrelationship is in large measure driven by the growing dependence of business and society on ICT for virtually every aspect of their functioning. It is another clear reason to treat cyber risk, and thus cyber resilience, as part of the overall business continuity effort.

Most organisations would accept this view, but in practice, too many of them continue to see cyber risk and resilience as purely technical issues, the domain of the CIO and the IT department.

"Obviously, technology has a critical role to play in securing ICT systems, but it is far from the only role-player. Arguably, it should not even be the main one," she argues. "IT professionals are unlikely to be risk management experts, and they are obviously not fully conversant with the minutiae of the business processes themselves, and how they interact with each other."

For example, she continues, IT professionals may effectively protect the enterprise systems while inadvertently leaving a "back door" open via an insecure mobile app or cloud service. And spending on the IT disaster recovery plan might not take into account the relative importance of the various business processes.

It is thus vital that cyber risk is integrated into the overall enterprise risk management process, and thus into the business continuity plan, to ensure the organisation is truly cyber resilient, Bodenstein concludes.

The concept of cyber resilience is being more fully explored during Business Continuity Awareness Week (15-19 May). Visit or further details and to see when ContinuitySA will be presenting Webinars. In addition, Continuity Mozambique will be hosting open days during this week, where clients can make an appointment to visit the site and view the backup facilities. For more information, please contact Cindy Bodenstein at ContinuitySA: +27 11 554 8000,


ContinuitySA is Africa's leading provider of business continuity management services to public and private organisations. Delivered by highly skilled experts, its fully managed services include ICT resilience, enterprise risk management, work area recovery and BCM advisory - all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, ContinuitySA provides peace of mind for all stakeholders.

ContinuitySA operates the continent's biggest network of recovery centres, with more than 20 000m2 of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley and Somerset West), in KwaZulu-Natal (Mount Edgecombe) as well in Botswana, Mozambique, Kenya and Mauritius.

ContinuitySA is a Gold Partner of the Business Continuity Institute and the recipient of the BCI's 'Continuity and Resilience Provider' award for the third consecutive year in 2016.

ContinuitySA. Our business is keeping you in business.

Additional information about ContinuitySA can be found at Network with ContinuitySA on Google+, LinkedIn, Twitter and Facebook.

Editorial contacts
Warstreet Marketing Rebecca Warsop (011) 807 9842
See also