Six actions to improve your organization’s cyber resilience


The cyber threat landscape has never been more contested or unstable. In response to client concerns following a recent wave of high-profile breaches, CyberCX has prepared this baseline checklist of six actions that every organization should take to address the key issues arising from these incidents as we understand them.

Six Actions Checklist


Stress test your incident response plans

Embed internal and external threat monitoring

Conduct a personal information audit

Understand your exposure to the internet

Review your cyber security risk profile

Elevate your cyber hygiene training and education


1. Stress test your incident response plans

Collate and review your Cyber Security Incident Response Plan, your Incident Response Playbooks and your other crisis management documents – including your cyber crisis communication plans.

Your organization should consider stress testing your existing documents with a Cyber Incident Response Exercise involving all parties in your cyber ecosystem, incorporating learnings from real-world incidents, and preparing both your technical and executive leaders for the practical considerations at the centre of a cyber incident.

2. Embed internal and external threat monitoring

The most effective cyber security environments perform continuous monitoring to detect and respond to cyber threats.

Internal monitoring should include logs from critical systems and applications (especially those holding the most sensitive data), activity on servers and user computers, and network ingress points such as VPNs and internet-facing applications. External monitoring should include dark web monitoring for references to the organization on underground channels and regular collection.

All detections should be responded to quickly and thoroughly by properly trained specialists.

3. Conduct a personal information audit

Review what personal information your organization is storing, where it is saved, how long it is retained, how it is accessed, and by whom.

What personal information is stored

Ensure that your organization is aware of exactly what personal information is being stored in your systems.

Location, location, location

Personal information is frequently held across multiple systems with varying levels of security.

Most organizations would be surprised at the amount of information stored in development and testing environments, and in email systems and share drives – the “low hanging fruit” locations from which attackers most frequently steal confidential data.

How long personal information is retained

A foundation of best-practice privacy is that personal information must be permanently deidentified or destroyed when it is no longer needed for business or compliance purposes.

Your organization should review what data is currently retained and consider limiting what is stored to meet your business and legal obligations.

Understand access

Ensure that your organization has clear protocols for who (or which programs) may access what personal information, and under what circumstances. You should be able to understand how you monitor this, and how unauthorised access would be detected.

4. Understand your exposure to the internet

Manage your attack surface by understanding which of your organization’s applications and systems are exposed to the internet.

As you develop or integrate new systems, ensure that they adhere to secure coding guidelines, with a documented security profile. Once deployed, your organization should regularly validate the security of these interfaces with both automated tools and penetration testing.

5. Review your cyber security risk profile

Your organization should work across your executive and technical leaders to identify your specific cyber risks and address each one to ensure that it has been mitigated – and where this is not possible, that the residual risk position is accepted by the organization.

6. Elevate your cyber hygiene training and education

Training and testing staff to ensure that cyber security remains an organization-wide priority is critical to avoiding gaps in your cyber defence and to increasing the likelihood that attacks are detected and disrupted. This could take the form of phishing simulations, escape rooms, online training modules or face-to-face training.


Organizations must be vigilant

Those who action these six steps in the coming weeks and months will be working from a stronger, more secure foundation as the cyber threat environment continues to evolve.
