An Approach to the Modeling of Cyber Resilience Management

Building an adequate level of cyber resilience to deal successfully with the daily threats in a company is a complex task. It requires several interconnected activities such as designing, implementing and maintaining a robust technical infrastructure, developing suitable formal procedures, and building a resilience culture among the employees. In the context of Small and Medium-sized Enterprises (SMEs), building cyber resilience could be more challenging because the resources are scarcer and thus the investments in this regard need to be well justified and accurate, or they could have a fatal effect on the company. This paper presents a simulation model that helps the managers of SMEs understand the need of developing cyber resilience in order to protect their companies. The model also shows the short and long-term effects of different strategies to build cyber resilience. The simulation model makes explicit the key factors to increase cyber resilience and their relationships to efficiently reduce organizational security breaches.