Black Hat 2024: Why Cyber Resilience Is a Whole-Organization Issue

With the term "cyber resilience" having officially entered the security lexicon, it's time CXOs and boards cultivate closer ties with CISOs, since they all are stakeholders in risk management, notes Theresa Lanowitz, chief cybersecurity evangelist at LevelBlue in a conversation at the Dark Reading News Desk during Black Hat USA. Her perspective derives from recent research conducted by LevelBlue that included 1,500 respondents in 18 countries. The topic: How CXOs come together and coalesce around the idea of cyber resilience.

"Cyber resilience says, 'What happens when your attire IT estate experiences something catastrophic or near catastrophic," Lanowitz says. "How do those teams come together and how do they work to actually cope and resolve the issue?"

And as it turns out, there's room for improvement. Lanowitz says she was surprised to see how differently CIOs, CTOs, and other executives view business issues and the associated risks. And the CISO, who often doesn't report directly to the CEO, is more operationally focused. "In order to be cyber resilient, the CISO has to have that full seat at the proverbial table because of the way they look at budgets, the way they look at risk, the way they look at compliance is completely different," she says. "And the types of things [CISOs] can do to help the organization be more resilient is completely different across the board as well."

The pervasiveness of computing means cyber resilience has to be a "whole-organization" issue, Lanowitz says, yet only 35% of her study's respondents had any kind of formalized incident response in place. "Cyber security has to be something your organization sees as something that you want to participate in, something to be far more proactive and intentional versus reactive and transactional."

Theresa Lanowitz is the chief cybersecurity evangelist at LevelBlue, a strategic alliance between AT&T and WillJam Ventures, that simplifies cybersecurity for the businesses fueling our global economy. She has held influential roles at companies including Gartner, Borland, Taligent, and Sun Microsystems, significantly impacting application security and emerging technologies.