Repelling the cyberattackers

For many businesses, the next wave of innovation and growth will likely involve intelligent analytics, rich mobile experiences, and “one touch” processes that require no further manual intervention. Success will depend on maintaining trust: consumers and business customers alike will accept nothing less than a complete assurance that the companies they engage with protect their highly sensitive data carefully in the hyperconnected information systems powering the digital economy.

When companies think about cybersecurity in such a world, most ask, “How can we protect ourselves and comply with standards or regulations?” instead of “How do we make confident, intelligent investments given the risks we face?” Many also treat cybersecurity primarily as a technology function rather than integrating it into business operations. As a result, they get the wrong answer about how to construct a cybersecurity program. The consequences are painfully clear: nearly 80 percent of technology executives surveyed report that their organizations cannot keep up with the attackers’ increasing sophistication.

The solution, we’re convinced based on years of research and experience on the front lines, is to move beyond models that make cybersecurity a control function and toward what we call digital resilience: the ability to design customer applications, business processes, technology architectures, and cybersecurity defenses with the protection of critical information assets in mind (Exhibit 1). Digital resilience is the subject of our new book, Beyond Cybersecurity: Protecting Your Digital Business, and the focus of this article.