网络弹性指南针：迈向弹性之旅（英）

The Cyber Resilience Compass:Journeys Towards Resilience W H I T EP A P E RA P R I L2 0 2 5 Contents Foreword3 Executive summary4 1. Unpacking cyber resilience5 3. Learnings from front-line practice8 3.4 Business processes14 3.5 Technical systems16 3.7 Ecosystem engagement20 Conclusion and next steps22 Methodology22 Contributors23 Acknowledgements23 Disclaimer This document is published by the WorldEconomic Forum in collaboration with theGlobal Cyber Security Capacity Centre(GCSCC), University of Oxford, as a contributionto a project, insight area or interaction. Thefindings, interpretations and conclusionsexpressed herein are the result of a collaborativeprocess facilitated and endorsed by theWorld Economic Forum but whose resultsdo not necessarily represent the views of theWorld Economic Forum, nor the entirety of itsMembers, Partners or other stakeholders. ©2025 World Economic Forum. All rightsreserved. No part of this publication may bereproduced or transmitted in any form orby any means, including photocopying andrecording, or by any information storage andretrieval system. Foreword Sadie CreeseProfessor of Cybersecurity;Director and Technical BoardChair, Global Cyber SecurityCapacity Centre, Universityof Oxford Akshay JoshiHead, Centre forCybersecurity,World Economic Forum insights drawn from the front-line practices ofleading organizations globally. It emphasizes theneed to move beyond technical solutions anddevelop comprehensive strategies that align withbusiness objectives. Through consultations andworkshops with cybersecurity practitioners, thiswork distils real-world lessons on what works – andwhat does not – when confronting cyber risks. Cyber resilience matters. As businesses andgovernments continue to evolve their use of digitaltechnologies and data, global dependence oncyberspace continues to grow. This increasingreliance exposes organizations and individuals toheightened cyber risks at a time when threat actorsare becoming more sophisticated, well-resourcedand innovative. Cyber resilience acknowledges that no system isentirely secure. Traditional cybersecurity effortshave evolved from merely implementing technicalsecurity controls to a broader strategy focused onsafeguarding core business objectives. The goal isnot just to prevent cyber incidents but to minimizetheir impact on an organization’s primary goals andobjectives, such as maintaining critical services,safeguarding stakeholder confidence and protectingstrategic value, while promoting long-term growth. Ultimately, cyber resilience is a practice, not atheory, and sharing learnings about “what works”is key to building collective knowledge in the field.The Cyber Resilience Compass should not be seenas a static tool but as a vehicle for organizationsto exchange experiences and identify front-linepractices as they seek to make progress along theircyber resilience journey. We invite you to accessadditional insights and contribute to the CyberResilience Compass here. Building on our previous white paperUnpackingCyber Resilience, this publication delves intothe practical aspects of cyber resilience, offering Executive summary Cyber resilience is an organization’sability to minimize the impact ofsignificant cyber incidents on itsprimary business goals and objectives. The specific actions any organization takes tostrengthen its cyber resilience will vary dependingon the context and will change over time asthe business, threat landscape and underlyingtechnologies evolve. There are, nonetheless,some paths to success that can be illuminated bythe collective experiences and insights of peers.Sharing good practice, what works and how toovercome barriers to success has motivated thisendeavour (seeUnpacking Cyber Resilience). Leadership Governance, risk and compliance People and culture Business processes Technical systems Crisis management To gather insights on leading practices, theWorld Economic Forum, in collaboration withthe University of Oxford, conducted a series ofconsultations and workshops with cyber leadersacross geographies and industries, addressing thefollowing questions: Ecosystem engagement This white paper highlights the critical role ofcollaboration, knowledge-sharing and adaptivelearning in strengthening cyber resilience. Thereis no universal blueprint for success – eachorganization must tailor and scope its approachbased on its specific context, strategy and externalfactors. However, by drawing on the experiences ofothers, organizations can identify effective strategiesand shape their own resilience roadmaps tonavigate an increasingly complex cyber landscape.As a vehicle for the sharing of front-line practicesand experiences, the Cyber Resilience Compassseeks to provide the valuable insights that helporganizations develop and refine their cyberresilience journey. What have they done to cope with threatsposed to their organization? What worked for them? What failed? Those discussions identifie