
The Cyber Resilience Index: Advancing Organizational Cyber Resilience

Abstract:

The World Economic Forum Centre for Cybersecurity has developed the Cyber Resilience Framework (CRF) and the Cyber Resilience Index (CRI): a framework that gives public and private sector cyber leaders guidelines for building secure and robust cyber resilience, and a set of measurements for gauging organizational performance. The CRF comprises 6 principles, and each principle is accompanied by a set of practices and sub-practices to help cyber professionals and leaders better assess resilience. For example, the first principle, “Regularly assess and prioritize cyber risk,” has 3 practices (determine the risk context, assessments, and prioritization; validate risk integration; drive risk-based decisions), each with 2 sub-practices that detail how to conduct the practice. Throughout this white paper, the WEF highlights the urgency of cyber-risk analysis to leverage standards and operations (principles 1 and 2), the importance of developing cyber awareness across board members and industry (principles 3, 4, and 6), and the adaptability of organizational cyber-resilience strategy design (principles 5 and 6). The CRI is described as “Measurement $\text{score}_c = (\text{value}_c - \text{min}_c) / (\text{max}_c - \text{min}_c) \times 100$,” which combines measures relating to each CRF sub-practice. Here $\text{value}_c$ is the measure of organization $c$, min is the lowest value for the measure, and max corresponds to the best possible outcome. This white paper would be a helpful tool for cyber leaders, who can use the framework to measure their resilience and reconsider their priorities.

Author:
World Economic Forum
Year:
2022
Domain:
Dimension:
Region:
Data Type:
Keywords:
MIT Political Science