All Research
Advisory Note
Business continuity and cyber security remain largely in separate siloes. But changes in the IT and cyber threat landscapes mean there is an urgent need for organizations to alter their approach. This Advisory Note identifies why there needs to be closer alignment and integration between business continuity and cyber security teams, and provides recommendations on how to achieve this to reduce the business impact of cyber attacks and ensure none is a business killer.

1 Executive Summary

Business continuity is the ability of an organization to maintain critical business functions during, as well as after, a disaster has occurred. Traditional business continuity plans consider potential disruptions such as natural disasters, fires, disease outbreaks, and cyber attacks. However, the trend towards digital transformation and an increasing reliance of organizations on IT for critical business functions and data means that cyber attacks are the most likely threat to business continuity. As cyber attacks continue to increase in number and ability to cause significant damage to IT infrastructure, organizations must ensure that efforts to secure IT operations are closely aligned with efforts to maintain/restore IT operations in the event of a cyber attack, with a focus on:

  • Risk management;
  • Resilience to maintain system and data availability;
  • Recovery of systems if they go down; and
  • Contingency planning for varying degrees of IT failure, up to and including total IT failure.

A comprehensive approach has become necessary as attacks by nation states or those supported by nation state level development capabilities become destructive in nature, capable of disabling access to systems and data or even destroying IT infrastructure.
This advisory note outlines the need for a fresh, collaborative approach to Business Continuity and Cyber Security, and some approaches and considerations that will help organizations to limit the initial and short-term impact of cyber attacks on business operations to achieve the common goals of resilience and recovery, including contingency planning for extreme scenarios such as targeted, long-running attacks that might spread across data centers or disable key IT infrastructure.

Key disruptive/destructive cyber attacks since the 1980s
Figure 4: Key disruptive/destructive cyber attacks since the 1980s
Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use