Forbes Finance Council | By Bob Ackerman | November 14, 2024
As digital transformation accelerates across industries, the conversation around cybersecurity is evolving. It’s no longer just about protecting systems from malicious attacks; it’s about ensuring the resilience of entire digital ecosystems.
On July 19, cybersecurity company CrowdStrike caused a global IT outage by sending a faulty update that crashed roughly 8.5 million computers running Windows. Hospitals, airports, banks and other critical sectors of the economy came to a screeching halt. The awareness of the need for digital resilience is growing beyond a board-level conversation and is catching the attention of both regulators and insurers, and with attention comes increased scrutiny and oversight. Here’s why your organization needs to be investing in its digital resilience strategy.
Understanding Digital Fragility
Real risks go far beyond the traditional cyber threat landscape. Today’s global economy rests on a complex and delicate digital foundation that can be disrupted not only by cyber threats but also by software errors, outages or operational failures. The CrowdStrike incident underscores the growing need to move the conversation beyond cybersecurity to one that includes digital resilience—ensuring that systems are robust, adaptable and capable of recovering from a wide variety of disruptions.
The goal is to guard against external threats while also architecting systems that can withstand internal errors and unanticipated failures. It’s past time to start moving toward a new paradigm of digital resilience, one that is capable of protecting organizations from the broad range of disruptions that can affect today’s hyper-connected, highly digitized world.
Expanding The Definition Of Risk
For many years, organizations have focused on cyber threats as the primary risk to their digital assets. However, resilience goes beyond fending off cyberattacks. It encompasses the robustness of the entire digital infrastructure and the ability to continue operating even when unexpected failures occur. We are building on what amounts to a fragile digital foundation, where even the smallest misstep—whether a faulty update or a configuration error—can have significant repercussions.
The July 19 incident was a stark reminder that organizations must start thinking about resilience at a broader level, including how systems are designed, maintained and secured to withstand both known and unforeseen risks.
The Evolving Role Of The CISO
As the conversation around digital resilience grows, so does the role of the chief information security officer. Traditionally tasked with protecting an organization from cyber threats, CISOs are increasingly being asked to oversee the broader resilience of the IT infrastructure. This includes not only defending against external attacks but also ensuring that the systems themselves are resilient enough to recover from failures that might arise internally.
In some organizations, this evolution may even lead to the creation of a chief digital risk officer or chief risk officer, a role that encompasses not only cybersecurity but also enterprise-wide risk, including data privacy, compliance and digital resilience. These roles will focus on ensuring the integrity and resilience of the organization’s digital foundation—managing the complex web of risks that digitization introduces.
Accountability In The Age Of Digital Resilience
As the stakes grow higher, so does the need for accountability. It’s no longer enough for companies to offer apologies and credit monitoring after data breaches. With interconnected digital systems, one organization’s failure can have cascading effects across industries and geographies.
For example, the CrowdStrike incident had far-reaching consequences across nearly every major sector of the economy, particularly in healthcare, banking and air travel. Fortune 500 companies (minus Microsoft) are expected to have at least $5.4 billion in combined direct financial losses.
Organizations must take greater responsibility for their digital ecosystems. Whether it’s managing the risks of cyberattacks or operational failures, boards of directors need to engage in conversations about resilience. The responsibility to ensure the continuity and robustness of digital operations is shifting from being purely a technical challenge to being a core business concern.
Building A Resilient Future
To address these challenges, organizations need a holistic, integrated view of their digital posture. This includes understanding not only where their vulnerabilities lie but also how to build resilience into their systems from the ground up. One way to achieve this is by creating a cyber information center—a centralized hub that aggregates data from all cybersecurity and IT tools to provide real-time insights into an organization’s security and resilience.
This kind of integrated view allows companies to map their digital estate, identify vulnerabilities and make informed decisions about where they are overprotected or underprotected. Beyond cybersecurity, this approach also helps organizations visualize their resilience, understand potential risks and implement strategies to mitigate them.
Digital resilience is quickly becoming a critical factor for modern businesses. The complexity and interdependency of today’s digital systems mean that organizations must look beyond traditional cybersecurity measures and take a broader view of the risks they face. From operational failures to cyberattacks, the challenges are vast—but so are the opportunities for innovation in building resilient digital infrastructures. As organizations move forward, they must embrace this broader definition of resilience, ensuring they are prepared for whatever challenges lie ahead.