Email Security

    Cybersecurity vs. Cyber Resilience

    What’s the difference between Cybersecurity and Cyber Resilience?

    by Matthew Gardiner

    While the term “cybersecurity” is as old as the hills in the security world, the term “cyber resilience” has been gaining momentum. This is a good thing. Cybersecurity management is complex and always changing, and focusing on security alone simply isn’t enough – organizations need a more comprehensive strategy. You might ask: “Isn’t cyber resilience the same thing?” Absolutely not. A quick visit to for synonyms for those core terms is a great place to start for some clues to their differences:

    • Security –> Defense, Guard, Precaution, Safeguard, Sanctuary, Shield
    • Resilient -> Buoyant, Supple, Elastic, Hardy, Plastic, Pliable, Quick to Recover, Rubbery, Springy

    What jumps out at me is that “security” is a term which is focused on preventing bad things from happening. Whereas “resilient” is about quickly getting back to “good” in the face of the inevitable impact of bad things.

    These concepts translate perfectly to the world of IT security in general, and email security in particular. Organizations should be focused on making their IT systems such as their email, resilient to attacks and not focus purely on the goal of 100 percent preventive security.

    Is 100 percent prevention even possible? Definitely not. Much like the human body, which is continuously riddled with bacteria and viruses, the goal is to feel and be well, not to prevent these microorganisms from getting in. We could all live in the equivalent of a semiconductor clean room, continuously taking anti-bacterial baths and pills, and eating only irradiated food, but that doesn’t sound very pleasant. The bodies of generally healthy people thrive through resilience, not prevention.

    The best approach for IT security is to have a balanced, resilient approach that encompasses threat prevention and adaptability to new types of threats combined with built-in durability and fast recovery.  This is the approach organizations should focus on for all business-critical IT systems, especially their most mission-critical business application: Email.

    According to research from Vanson Bourne, only 30 percent of organizations surveyed have adopted a cyber resilience strategy, and only one-third of those are in the early stages of development or planning. Too many organizations are leaving themselves exposed to the unknown – but it doesn’t have to be this way. By developing a more holistic approach organizations can safeguard against email-borne cyberattacks, business disruption, data loss and human error. 


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top