世界经济论坛-网络弹性指南针：迈向弹性之旅（英）

The Cyber Resilience Compass: Journeys Towards ResilienceW H I T E P A P E RA P R I L 2 0 2 5In collaboration with the University of OxfordImages: Getty ImagesDisclaimer This document is published by the World Economic Forum in collaboration with the Global Cyber Security Capacity Centre (GCSCC), University of Oxford, as a contribution to a project, insight area or interaction. The findings, interpretations and conclusions expressed herein are the result of a collaborative process facilitated and endorsed by the World Economic Forum but whose results do not necessarily represent the views of the World Economic Forum, nor the entirety of its Members, Partners or other stakeholders.© 2025 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system.ContentsForewordExecutive summary1. Unpacking cyber resilience2. The Cyber Resilience Compass3. Learnings from front-line practice3.1 Leadership3.2 Governance, risk and compliance3.3 People and culture3.4 Business processes3.5 Technical systems3.6 Crisis management3.7 Ecosystem engagementConclusion and next stepsMethodologyContributorsAcknowledgements34578810121416182022222323The Cyber Resilience Compass: Journeys Towards Resilience2ForewordCyber resilience matters. As businesses and governments continue to evolve their use of digital technologies and data, global dependence on cyberspace continues to grow. This increasing reliance exposes organizations and individuals to heightened cyber risks at a time when threat actors are becoming more sophisticated, well-resourced and innovative. Cyber resilience acknowledges that no system is entirely secure. Traditional cybersecurity efforts have evolved from merely implementing technical security controls to a broader strategy focused on safeguarding core business objectives. The goal is not just to prevent cyber incidents but to minimize their impact on an organization’s primary goals and objectives, such as maintaining critical services, safeguarding stakeholder confidence and protecting strategic value, while promoting long-term growth.Building on our previous white paper Unpacking Cyber Resilience, this publication delves into the practical aspects of cyber resilience, offering insights drawn from the front-line practices of leading organizations globally. It emphasizes the need to move beyond technical solutions and develop comprehensive strategies that align with business objectives. Through consultations and workshops with cybersecurity practitioners, this work distils real-world lessons on what works – and what does not – when confronting cyber risks.Ultimately, cyber resilience is a practice, not a theory, and sharing learnings about “what works” is key to building collective knowledge in the field. The Cyber Resilience Compass should not be seen as a static tool but as a vehicle for organizat