When “everything is becoming digital,” private, public, and civil institutions become more dependent on information systems and more vulnerable to attack by sophisticated cybercriminals, political “hacktivists,” nation-states, and even their own employees. As a result, all of our institutions will have to make increasingly thoughtful trade-offs between the value inherent in a hyperconnected world and the risk of operational disruption, intellectual property loss, public embarrassment, and fraud that cyberattacks create.

Over the past year, McKinsey and the World Economic Forum undertook joint research to develop a fact-based view of cyberrisks, assess their economic and strategic implications, and lay out a path forward. Interviews with executives and data from more than 200 enterprises, technology vendors, and public agencies contributed to the three main findings for enterprises:

  • Despite years of effort, and tens of billions of dollars spent annually, the global economy is still not sufficiently protected against cyberattacks—and it is getting worse. The risk of cyberattacks could materially slow the pace of technology and business innovation with as much as $3 trillion in aggregate impact.
  • Enterprise-technology executives agree on the seven practices they must put in place to improve their resilience in the face of cyberattacks; even so, most technology executives gave their institutions low scores in making the required changes.
  • Given the cross-functional, high-stakes nature of cybersecurity, it is a CEO-level issue, and progress toward cyberresiliency can only be achieved with active engagement from the senior leaders of public and private institutions.

Here are the key tenets of cybersecurity:

  1. Prioritize information assets based on business risks.
  2. Provide differentiated protection based on importance of assets.
  3. Deeply integrate security into the technology environment to drive scalability.
  4. Deploy active defenses to uncover attacks proactively.
  5. Test continuously to improve incident response.
  6. Enlist frontline personnel to help them understand the value of information assets.
  7. Integrate cyberresistance into enterprise-wide risk-management and governance processes.

Read more: http://www.mckinsey.com/