Close
    Share
    Facebook Facebook icon Twitter Twitter icon LinkedIn LinkedIn icon Email

    Brain Circuits

    Does your cybersecurity strategy ensure system availability?

    by Öykü Işık Published March 5, 2025 in Brain Circuits • 3 min read

    The global IT outage that affected Microsoft’s Windows last July was a critical reminder of an often-overlooked aspect of cybersecurity: availability. Go through this checklist to test the availability of your systems in the wake of cyber-attack – and read on for help on mitigating risk.

    Checklist

    1. Have we considered mitigation against risks caused by lack of availability, as well as integrity and confidentiality?
    2. Do we have contingency plans in place for incidents like the Microsoft outage, and have we tested them?
    3. Do we have a communication strategy in place for such incidents, where the solution is not within our control?
    4. Do we test updates before releasing them?

     

    4 ways to mitigate risks to system availability

     

    1. Beware of depending heavily on a single large IT vendor…

    Larger vendors offer better pricing due to economies of scale and can be attractive due to their expertise. However, over-reliance on one vendor means that any disruption to their service could have a severe impact on the availability of your systems.

    2 … but don’t complicate things by over-diversifying

    Diversification of vendors, while beneficial in reducing risk, must be managed carefully to avoid the complexity and inefficiency of dealing with too many different systems.

    3. Test all updates

    As the complexity of your IT systems continues to increase, proper testing before deployment becomes increasingly critical. Instead of blindly implementing updates and patches from your vendors, check whether you can test them before releasing them.

    4. Put incident-response plans in place

    Put robust plans in place to manage crises, including clear communication strategies. In a crisis, it’s crucial to communicate frequently and transparently with your clients. Share what’s happening, the steps you’re taking to resolve the issue, and how you’re supporting your customers/partners. Even if the outage stems from a vendor, you are responsible for your customers’ experience and must avoid appearing helpless or overly dependent on the vendor.

    Key takeaways

    Ensuring system availability is a critical pillar of cybersecurity, and risks to availability do not always come from sources acting with malign intent. Organizations should adopt a holistic approach to cybersecurity, incorporating robust incident-response plans, diversified risk-management strategies, and effective crisis-communication protocols. This will help protect against the multifaceted threats of the digital age and maintain trust with clients and stakeholders

     

    Further reading

    The critical cybersecurity lesson from the Microsoft outage

    AI and cybersecurity: Think like a thief to catch a thief

    British Library Cyber Attack – 10 Lessons – Cyber Security

    Cyber resiliency: Building a secure future

     

    Authors

    Öykü Işık

    Professor of Digital Strategy and Cybersecurity at IMD

    Öykü Işık is Professor of Digital Strategy and Cybersecurity at IMD, where she leads the Cybersecurity Risk and Strategy program and co-directs the Generative AI for Business Sprint. She is an expert on digital resilience and the ways in which disruptive technologies challenge our society and organizations. Named on the Thinkers50 Radar 2022 list of up-and-coming global thought leaders, she helps businesses to tackle cybersecurity, data privacy, and digital ethics challenges, and enables CEOs and other executives to understand these issues.

    Related

    X

    Log in or register to enjoy the full experience

    Explore first person business intelligence from top minds curated for a global executive audience

    Get trial accessRegister NowSign in