Improvement of Cyber Resilience by Implementation of a Digital Business Continuity Management System: Evidence from Romania

This paper aims to present a model for increasing the cyber resilience of organizations. Under the business context when cyber incidents risk is the most important risk worldwide for organizations for the third consecutive year, the model proposes a solution for improvement of cyber resilience of organizations, by implementation of a management system based on Business Continuity Management framework and a related software solution for handling the Risk Management data, Business Impact Analysis, Emergency and Recovery Planning, as well as Cyber Crisis Management. The implementation of the digital Business Continuity Management System and Cyber Crisis Management processes is tested through a simulation of a cyber incident leading to disruption of activities and cyber crisis caused by a ransomware attack. The simulation is presented both as design and execution and it can be implemented in any organization having the Business Continuity Management System in place and an internal IT department. The results of the simulation bring evidence for the contribution of the study to the increase of the cyber resilience of the organization. The novelty of the study is represented by the mix of concepts and instruments brought together in the model through which the framework of Business Continuity Management is implemented by means of a dedicated software solution, facilitating steps towards the digitization of the management processes and increase of the organizational and cyber resilience.