By Sundar Balasubramanian, Managing Director for India and South Asia, Check Point Software Technologies
Operational resilience in the context of cyber security means strengthening an organization’s ability to respond to crises. It must be prepared for disruptions, whether caused by attacks, technical failures, or human error. In addition, it must be able to respond quickly and recover sustainably. There is no definition yet, but the BSI Group uses the term “organizational resilience” and defines it as follows: “Organizational resilience is the ability of an organization to absorb shocks and adapt to a changing environment in order to achieve its goals, survive, and thrive.” Derived from this and tailored to the role of the CISO, operational resilience aims to protect organizations from cyberattacks in such a way that both economic survival and ongoing operations are equally secured.
CISOs are shaping operational resilience as a strategic management goal. They are taking responsibility and embedding their goals in corporate strategy.
The CISO’s job is to create the technological, procedural, and organizational conditions necessary for IT security in their company. They create a security architecture aimed at resilience, drive the integration of interoperable platforms, and establish processes for continuous risk monitoring. In addition, they ensure the development of incident response and backup capabilities as well as the meaningful use of threat intelligence information. At the same time, the CISO acts as a bridge between traditional IT, the business, management, and specialist departments. They pursue the goal of embedding security measures in the company strategy, creating clear responsibilities, and building a resilience-promoting corporate culture. In short, they must create operational resilience.
Supporting this shift, India’s evolving tech landscape is witnessing a sharp rise in demand for talent in areas like cyber security (up 215%), cloud (16%), and data analytics (256%), as per Quess Corp’s Annual Digital Skills Report FY24. These skills are foundational to helping CISOs build scalable, secure, and responsive IT environments. As Indian enterprises intensify digital transformation, CISOs are not only protecting systems—they’re actively shaping hiring strategy and driving enterprise-wide resilience from the ground up.
Operational resilience requires technological resilience
Unlike operational resilience, however, technological resilience focuses purely on providing crisis-proof technology. Together, the two ensure resilience in maintaining ongoing operations. Technological resilience requires modular, fault-tolerant systems with strong automation and continuous testing and validation loops. An effective resilience strategy is based on the interoperability of security technologies via open interfaces, integrated data management, and a consolidated platform architecture. Only then can sub-disciplines and technologies such as XDR, EDR, cloud security, IAM, and zero trust work together as core components. Resilient teams are interdisciplinary, DevSecOps-oriented, and closely integrated with the business. Building an adaptive security platform in the form of a hybrid mesh architecture creates transparency, automation, and rapid responsiveness. This is crucial for resilience in an increasingly complex threat landscape. Technological resilience basically describes an organization’s ability to remain functional and recover quickly despite technical disruptions, attacks, or failures.
This involves identifying various core components and competencies.
These include:
- system redundancy,
- modularity, e.g., fail-open vs. fail-closed in terms of fault tolerance,
- automated recovery via infrastructure-as-code,
- cyber resilience integration, e.g., via zero trust,
- deception,
- threat hunting,
- tabletop exercises, and
- concrete testing & simulation via chaos engineering or red teaming approaches.
Coordination and interoperability
CISOs must coordinate security technologies and ensure their interoperability. Their goal is to create a harmonious, holistic security ecosystem rather than a collection of individual solutions. They are responsible for maintaining an overview of the so-called “security sprawl,” i.e., the jungle of providers. Unfortunately, the knee-jerk reaction of consolidating providers, i.e., reducing the number of security tools, is often taken too early as a solution. In contrast, deeper integration with a platform provider with a proven ecosystem is the much better choice.
CISOs should therefore not commit to a single provider, but rather focus on the right ecosystem and keep an eye on technological harmony. In a crisis, technologies must be able to interact and be managed via a single platform; a multitude of partial solutions and platforms makes detection and defense more difficult. If, for example, some of the security systems are bypassed during a cyberattack, interconnected systems could still monitor the behavior of the malware and report it via the platform. Working together, they can then detect and thwart the attack at an early stage.
Establish a culture of error
In addition, it is important to build resilient security teams. These teams are characterized by interdisciplinarity and a DevSecOps orientation, with clearly defined roles and responsibilities within a “failure culture.”
Security teams must repeatedly train together for emergencies in order to prove their resilience. Specialization does not necessarily help if silo thinking prevails. It is important to work together harmoniously in extreme situations. CISOs should establish a form of “Growth Through Mistakes night” in their teams. No one is perfect, and mistakes happen, especially in stressful situations. That’s why it’s important for managers to support their teams and cushion them from pressure coming from all directions, whether it’s from senior management, individual departments, or external sources such as service providers or customers. However, such a culture must not operate in silos. It should enable the results of regular training and the experience gained from security incidents to be discussed openly. If the insights gained are transferred into the team’s own practices, a robust error culture emerges in which the CISO can rely on their team in an emergency, and the team can also rely on their CISO.