Cybersecurity in a Digital Era by McKinsey. Digital McKinsey and Global Risk Practice.

Even before the advent of a global pandemic, executive teams faced a challenging and dynamic environment as they sought to protect their institutions from cyberattack, without degrading their ability to innovate and extract value from technology investments. CISOs and their partners in business and IT
functions have had to think through how to protect increasingly valuable digital assets, how to assess
threats related to an increasingly fraught geopolitical environment, how to meet increasingly stringent
customer and regulatory expectations and how to navigate disruptions to existing cybersecurity models
as companies adopt agile development and cloud computing.

We believe there are five areas for CIOs, CISOs, CROs and other business leaders to address in particular:

  1. Get a strategy in place that will activate the organization. Even more than in the past cybersecurity
    is a business issue – and cybersecurity effectiveness means action not only from the CISO organization, but also from application development, infrastructure, product development, customer care,
    finance, human resources, procurement and risk. A successful cybersecurity strategy supports the
    business, highlights the actions required from across the enterprise – and perhaps most importantly
    captures the imagination of the executive in how it can manage risk and also enable business innovation.
  1. Create granular, analytic risk management capabilities. There will always be more vulnerabilities
    to address and more protections you can consider than you will have capacity to implement. Even
    companies with large and increasing cybersecurity budgets face constraints in how much change
    the organization can absorb. Therefore, better cybersecurity requires the ability to make rigorous,
    fact-based decisions about a company’s most critical risks – and which cybersecurity investments it
    should make.
  2. Build cybersecurity into business products and processes. For digital businesses – and almost
    every company we know of aspires to be a digital business – cybersecurity is an important driver of
    product value proposition, customer experience and supply chain configuration. Digital businesses
    need, for example, design security into IoT products, build secure and convenient customer
    interaction processes and create digital value chains that protect customer data.
  3. Enable digital technology delivery. Digital businesses cannot let slow technology delivery get in
    the way of business innovation, so they are scrambling to adopt agile development, DevOps, cloud
    computing. However, most companies have built their security architectures and processes to
    support waterfall development and on-premises infrastructure – creating a disconnect that can
    both increase risk and decelerate innovation. Forward-leaning CISOs are moving to agile security
    organizations that enable much more innovation technology organizations.
  4. Help the business address impacts of a global pandemic. COVID-19 created three imperatives
    for cybersecurity teams: supporting continued business operations by enabling remote working,
    mitigating immediate risks – and helping their business partners transition to the next normal.

Over the past year, we’ve sought to publish cybersecurity articles in each of these areas that will help
senior executives consider their options and make pragmatic decisions about how to move forward in
making the right tradeoffs in managing technology risks. We hope you find this compendium of articles
interesting and helpful. We, and our colleagues in McKinsey’s cybersecurity practice, have appreciated
the opportunity to comment on what we consider to be one of the most complex and important business
issues today.

Leave a Reply

Your email address will not be published. Required fields are marked *