The McKinsey and World Economic Forum report Risk and Responsibility in a Hyperconnected World: Implications for Enterprises looks at the potential consequences of cyber threats to the world’s economy. It is a wake-up call to those who are uncertain how important cybersecurity is to the global financial ecosystem. The bigger picture is not about network infiltrations, pilfered credit card numbers, selling of illicit goods in the shadows of dark markets, loss of proprietary data, or even broad surveillance techniques undertaken by many governments. The sum is greater than the parts. This is about the potential financial impact of how and when the growth and adoption of our digital era may be choked into lethargy. In short, the report provides an estimate of how cyberthreats can jeopardize the phenomenon of everything becoming digital and impede innovation and adoption of supporting technology.
Three points you should pay attention to:
1. Despite tens of billions of dollars in spending, cyber security is not sufficient to protect the digital economy. In fact, it is getting worse.
2. Cyber-attacks could cause a $3 trillion aggregate impact to the global pace of technology adoption.
3. If a tipping point is reached, where ‘cyberbacklash’ occurs, the impact could grow to $10 trillion to $20 trillion worldwide.
It is scary on an epic scale. Organizations must have a plan and think strategically, or else they will feel the pain of dealing with crisis after crisis. The report provides a number of strategic industry recommendations, which make sense regardless of the size of the organization, and collectively can bolster the overall posture protecting the global economy. They align to sound principles which I have previously discussed in blogs and whitepapers on the Defense-in-Depth approach.
The paper recommends the following:
- Assets must be prioritized as well as corresponding security controls, as it is impractical and massively inefficient to attempt to protect everything equally
- Deeper integration of security must occur to be effective and cost efficient
- Organizations must proactively detect attacks and do so faster
- Incident response must improve to reduce impacts
- Behavioral, not just technical, controls must be instituted
- Establish continual improvement to the organization’s cybersecurity program
These recommendations contribute to a more mature, effective, and sustainable security posture which can adapt over time and remain in-step with evolving threats.
Protecting and preserving the pace of digital adoption will require executive leadership across the industry to implement necessary measures to better comprehend the threats and sustain cyber security strategies to counter attacks and maintain an acceptable level of risk.
For more information on aligned thinking, take a look at the Defense in Depth methodology and other blogs on the subject. The McKinsey report’s recommendations align well to the model of Prediction, Prevention, Detection, and Response. Prediction is about understanding what is likely to be attacked, by whom, and with what methods. Such intelligence gives the necessary insights to carefully plan the optimal defense. Prevention covers the controls aligned with interdicting such attempts and avoiding loss. Detection catches and understands what gets through the preventative controls. Response is the cleanup to a normal state and applying lessons learned back into the beginning of the cycle to ensure problems are not repeated. In the end, without strategic cyber-security leadership, we are left with crisis.
I strongly recommend reading the World Economic Forum and McKinsey report.
Matthew Rosenquist is an information security strategist, with a passion for his chosen profession. Benefiting from nearly 20 years of experience in Fortune 100 corporations, he has thrived on establishing strategic organizations and capabilities which deliver cost effective information security services.