Who is responsible for Cyber Resilience?

Felicity March
January 24, 2021

At the Cyber Security & Data Protection Virtual Summit in November 2020, Felicity March, Security & Resiliency Director for IBM Services, Europe, presented on Managing Cyber disruptions confidently with a paradigm shift in Cyber Culture.

Felicity has spent her life immersed in technology and is passionate about ensuring companies build Resilience right into the core of their strategy and architecture. She understands the importance of Transformation into the Digital World as well as the risks of not having services available.

Felicity started her career as a hacker and has worked for technology giants for over 25 years. In that time she has worked with and advised companies, governments and standards bodies on emerging IT trends and on ensuring integrity and sustainability are baked into the heart of IT. Felicity has gained a wealth of expertise and experience throughout her career, and her insights and perspective are refreshing. She is also an advocate of driving STEM skills into the younger generation and is an active mentor and coach to the next generation of technologists.

Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber-attack. Cyber resilience needs an end-to-end approach that brings together critical areas to ensure organisations continue to function during cyber-attacks and cyber outages.

Some of the cyber-attacks we saw in 2017, NotPetya and WannaCry in particular, caused huge outages. NotPetya cost the globe $10bn, while WannaCry cost somewhere between $4-8bn. It is not just that companies were taken down: one company specifically had 45,000 PCs and 4,000 servers deleted in seven minutes; two minutes later its phone system went down and the security gates in every single one of its buildings across the globe were shut.

You simply cannot react to that fast enough. Companies really struggle to survive attacks like this, so we need to make sure businesses can continue to function in the face of cyber-attacks.

What is the immediate reaction when a Cyber Attack hits a business?



In the Ponemon Institute's Cost of Data Breach Study on operational risk in 2019, several business owners were asked to respond to the question: “Who has the overall responsibility for directing an organisation’s efforts to ensure a high level of cyber resilience?”

Below are the results:

23% Chief Information Officer
22% BU Leader
14% Chief Information Security Officer
11% No one person
9% Business Continuity Manager
7% Chief Risk Officer
7% Chief Executive Officer
6% Chief Technology Officer

Cybergeddon: The Inquest

Watch as each of the functions responds to questions around who is ultimately responsible for ensuring the organisation's resilience to cyber-attacks.

Lucinda Porter - CEO, SMart
Gemma Jones - Former CIO, SMart
Carl Hooper - CISO, SMart
Jay Varma - Disaster Recovery Manager, SMart
Laura Croft - CMO, SMart
Uche Afumba - CRO, SMart


The approach and solution are not isolated to one area; they are holistic, and only by looking at the bigger picture and zooming in on each detail can you fully understand how a business needs to operate.

After listening to all six testimonies, it is clear that cyber recovery and cyber resilience are utterly essential.

What happened to SMart could quite easily happen to any other organisation. Operational and organisational resilience is everyone’s responsibility, and it should be treated as such. To ensure your organisation’s cyber resilience, IBM have developed incident recovery software, demonstrated below:

IBM Services Cyber Incident Recovery Demo

Find out more at www.ibm.com