Beyond Cybersecurity: Protecting Your Digital Business
Beyond Cybersecurity: Protecting Your Digital Business arms your company against devastating online security breaches by providing you with the information and guidance you need to avoid catastrophic data compromise. Based upon highly-regarded risk assessment analysis, this critical text is founded upon proprietary research, client experience, and interviews with over 200 executives, regulators, and security experts, offering you a well-rounded, thoroughly researched resource that presents its findings in an organized, approachable style.
Members of the global economy have spent years and tens of billions of dollars fighting cyber threatsbut attacks remain an immense concern in the world of online business. The threat of data compromise that can lead to the leak of important financial and personal details can make consumers suspicious of the digital economy, and cause a nosedive in their trust and confidence in online business models.
- Understand the critical issue of cyber-attacks, and how they are both a social and a business issue that could slow the pace of innovation while wreaking financial havoc
- Consider how step-change capability improvements can create more resilient organizations
- Discuss how increased collaboration within the cybersecurity industry could improve alignment on a broad range of policy issues
- Explore how the active engagement of top-level business and public leaders can achieve progress toward cyber-resiliency
Beyond Cybersecurity: Protecting Your Digital Business is an essential resource for business leaders who want to protect their organizations against cyber-attacks.
Executive Summary xxi
1 Cyber-attacks Jeopardize Companies’ Pace of Innovation 1
2 It Could Get Betteror $3 Trillion Worse 31
3 Prioritize Risks and Target Protections 53
4 Do Business in a Digitally Resilient Way 77
5 Modernize IT to Secure IT 101
6 Engage Attackers with Active Defense 123
7 After the Breach: Improve Incident Response across Business Functions 141
8 Build a Program that Drives toward Digital Resilience 157
9 Creating a Resilient Digital Ecosystem 185
About the Authors 215
JAMES M. KAPLAN is a partner with McKinsey & Company in New York. He co-leads McKinsey's global IT infrastructure and cybersecurity practices.
TUCKER BAILEY is a partner in the Washington, DC location of McKinsey's Business Technology Office.
DEREK O'HALLORAN is Head of Information Technology and Electronics Industries at the World Economic Forum.
ALAN MARCUS is Head of Information and Communication Technology Industries at the World Economic Forum.
CHRIS REZEK is a senior expert consultant with McKinsey & Company in Boston.
If private and public organizations are to survive the ongoing cyber-attacks that put their information assets and online processes at risk, they must build effective cybersecurity into their business and IT processes. Beyond Cybersecurity: Protecting Your Digital Business offers a hands-on guide that includes the practical steps institutions can take to achieve digital resilience and protect against cyber-attacks while creating value from technology investments and innovation.
Cybersecurity must move up the corporate and political agenda if institutions are to remain safe and realize the full potential value of innovation. The authors—experts in the field of cybersecurity—outline the seven hallmarks of digital resilience and offer vital information on how to incorporate cybersecurity into business decision-making. They explain what frontline users can do to protect information assets, describe how to create active defenses in order to respond to emerging threats, and explore how to build incident response skills across business functions.
Beyond Cybersecurity explains how to create an effective cybersecurity program that makes rapid and sustained progress and is designed around three key principles: Encourage collaboration between the cybersecurity team and business partners in order to prioritize risks, make intelligent trade-offs, and change business processes and behaviors, rather than implement technology solutions to manage risks; Focus on resiliency in the broader IT organization to facilitate the convergence of security, efficiency, and agility and ensure that technology platforms are initially designed to be resilient and secure; Upgrade the skills of the cybersecurity team so its managers can understand business risks, collaborate effectively with business partners, navigate a rapidly changing technology environment, influence application and infrastructure environments, and implement active defense tactics.
Using Beyond Cybersecurity as their guide, savvy leaders can improve their cybersecurity capabilities and act in a proactive and determined way.