Your "How-to" guide to corporate resilience

Philippe Dann, Head of Risk and Business Advisory, EBRC
By Le Figaro 02/06/2021
Banking, Insurance & Fintech
Health & Life Sciences
Public Sector & European Institutions
Defense & Space
Technology & Software Providers
Energy, Logistics & Industry

No company can be immune from ransomware, malware and other attacks led by cybercriminals. EBRC is aware organisations must carry out careful analyses of the threats in order to improve risk anticipation. Knowing this enables effective reaction strategies to be developed, thus ensuring the business continuity during and after an attack.

EBRC was founded in 2000, when the digital economy emerged, in Luxembourg as companies and financial sector regulators began to understand the importance of securing and guaranteeing the continuation of key activities during crisis situations. The company foundation took place when the digital economy emerged.

Jean-François Hugon, Head of Marketing, EBRC
Jean-François Hugon, Head of Marketing, EBRC

"We started by building Tier IV certified data centres, the highest standard when it comes to data centers, which allows us to guarantee an availability rate by 100% to our clients. We can confirm EBRC suffered zero downtime over the past two decades. We are proud of this achievement!” explains Jean-François Hugon, Head of Marketing at EBRC. "To complete our offering, we have developed a full range of functionalities, “Trusted Services Europe”. In this framework, EBRC operates its own European sovereign cloud, “EBRC-Trusted Cloud Europe”. In addition, with three other partners, we have joined the GAIA-X initiative as a “Day-One Member”. GAIA-X is active, in the space sector among other fields. Moreover, our company is present in all major French cities through our subsidiary, DIGORA.

EBRC is both ISO 27001 (a standard related to information security) and ISO 22301 (business continuity) certified. Thanks to these certifications, our company has reinforced the rapid growth of its advisory activities, in particular for cyber-resilience.
"We meet companies facing two main challenges,” explains Philippe Dann, Head of Risk and Business Advisory at EBRC. “First, they have to get a solid understanding of their business needs in terms of security and continuity, featuring a clear mapping of their activities in order to guarantee the IT infrastructure capacity (internal, external or outsourced) is adequate.. This infrastructure will prove helpful in case of an operational incident or attack. Anticipating the resources required to ensure the business continuity is key step of the process. The second challenge is to assess as accurately as possible their IT risks."

Cybersecurity is not enough...

EBRC works with clients to build their Cyber-Resilience. This is more than facilitating the deployment of tools to defend against attacks, it is about creating an organisation capable to react quickly in case of an incident, and maintain service levels through the crisis period and beyond.
Being ISO 27001 and ISO 22301 certified shows the company has the ability to provide its clients with maturity assessments or free-of-charge self-assessment tools. “These are early stage audits, which enable us to assess the situation and support our clients via programmes improving their security or business continuity," continues Philippe Dann. “We act as consultants, and can deploy tools such as our unique Cyber Resilience Portal, which helps us connect business needs in terms of continuity and security with the IT capacity to support these needs." Via the Hexatrust cluster of innovative companies, EBRC has formed a partnership with the French company Egerie. Their risk and compliance management software solution allows very detailed and efficient assessments .
"This preventive approach allows each company to define the responses which are best suited to its own activity, in a specific and optimised way; enabling them to be better prepared and thus better equipped to face threats and maintain their activities through crises, which amongst other concerns, is an important guarantee for shareholders," says Jean-François Hugon. Philippe Dann concludes: "the term cyber-resilience takes on its full meaning in an organisation. Each organisation is not an accumulation of activities but rather a set of activities that are interdependent with internal and external stakeholders. All these relationships must be considered when we seek to protect ourselves properly.”