More and more business value and personal information worldwide are rapidly migrating into digital form on open and globally interconnected technology platforms. As that happens, the risks from cyberattacks become increasingly daunting. Criminals pursue financial gain through fraud and identity theft; competitors steal intellectual property or disrupt business to grab advantage; “hacktivists” pierce online firewalls to make political statements.
As highly visible breaches occur with growing regularity, most technology executives believe that they are losing ground to attackers. Organizations large and small lack the facts to make effective decisions, and traditional “protect the perimeter” technology strategies are proving insufficient. Most companies also have difficulty quantifying the impact of risks and mitigation plans. Much of the damage results from an inadequate response to a breach rather than the breach itself.
Complicating matters further for executives, mitigating the effect of attacks often requires making complicated trade-offs between reducing risk and keeping pace with business demands. Only a few CEOs realize that the real cost of cybercrime stems from delayed or lost technological innovation—problems resulting in part from how thoroughly companies are screening technology investments for their potential impact on the cyberrisk profile.