The CRO Forum looked into the issues around cyber resilience in the paper it published in 2014. In this paper, cyber risk was defined as the risk of doing business in the cyber environment. This paper builds on the 2014 paper to focus on how to address the challenges around the collection of data to support improved cyber resilience.