Cyber Resilience Project
Developing a systemised pathway to sustainable organisational cyber resilience
In partnership with the World Economic Forum Centre for Cybersecurity, the Centre is undertaking a Cyber Resilience project that will help organisations to maintain operational resilience in the face of rapidly evolving cybersecurity threats.
Context:

The global business community continues to grapple with increasingly complex and widespread cybersecurity risks to their business operations that extend throughout their core enterprise, supply chains and business outputs.

Small, medium and large-scale businesses need to develop holistic institutional cyber resilience to protect their operations, reduce incident recovery times, and establish sustainable business processes.

There is currently a limited supply of resources that business leaders can use to comprehensively assess their resilience posture across the full scope of cyber threats they face.
Overview:
The Cyber Resilience project seeks to establish a comprehensive guide the business community can leverage to strategically achieve institutional resilience within enterprises.
Objectives:
- Develop a common understanding of cyber resilience
- Establish key risk controls, threat scenarios, and systemise experiences
- Collect a set of use cases that demonstrate best practices on building cyber resilience
Publications
Unpacking Cyber Resilience
November 2024
In today’s fast-evolving digital landscape, cyber threats are becoming increasingly complex. Recognising that individuals and organisations cannot prevent all malicious attacks or cyber failures, while embracing the opportunities that digital communication brings, has led to the rise of cyber resilience. This report unpacks the concept of cyber resilience, outlining the evolution of the cyber paradigm and establishes a concept of successful cyber resilience.
Cyber resilience goes beyond cybersecurity, preventing attacks or simply getting back to operations-as-usual – it is about an organisation’s ability to minimise the impact of significant cyber incidents on its primary goals and objectives. The primary goals and objectives can be different for each organisation but will always include the protection of critical service delivery, stakeholder confidence and the principal assets that underpin value and position in the market.
The Cyber Resilience Compass
April 2025
Building on our previous report Unpacking Cyber Resilience, this publication delves into the practical aspects of cyber resilience, offering insights drawn from the front-line practices of leading organisations globally. It emphasises the need to move beyond technical solutions and develop comprehensive strategies that align with business objectives. Through consultations and workshops with cybersecurity practitioners, this work distils real-world lessons on what works – and what does not – when confronting cyber risks.
Ultimately, cyber resilience is a practice, not a theory, and sharing learnings about “what works” is key to building collective knowledge in the field. The Cyber Resilience Compass should not be seen as a static tool but as a vehicle for organisations to exchange experiences and identify front-line practices as they seek to make progress along their cyber resilience journey.
Prof. Sadie Creese
Professor William H. Dutton
Filipe Beato
Jamie Saunders
Caroline Weisser Harris
Luna Rohland
Ioannis Agrafiotis
Patricia Esteve-Gonzalez