Protecting your critical digital assets: Not all systems and data are created equal

Published on McKinsey, January 2017, by Piotr Kaminski, a senior partner in McKinsey’s New York office; Chris Rezek, a senior expert in the Boston office; Wolf Richter, a partner in the Berlin office; and Marc Sorel, a consultant in the Washington, DC, office. The authors wish to thank Oliver Bevan and Rich Cracknell for their contributions to this article.

Top management must lead an enterprise-wide effort to find and protect critically important data, software, and systems as part of an integrated strategy to achieve digital resilience.

The idea that some assets are extraordinary—of critical importance to a company—must be at the heart of an effective strategy to protect against cyber threats, because in an increasingly digitized world, protecting everything equally is not an option. The digital business model is, however, entirely dependent on trust. If the customer interface is not secure, the risk can become existential. Systems breaches great and small have more than doubled in the past five years, and the attacks have grown in sophistication and complexity. Most large enterprises now recognize the severity of the issue but still treat it as a technical and control problem—even while acknowledging that their defenses will likely not keep pace with future attacks. These defenses, furthermore, are often designed to protect the perimeter of business operations and are applied disjointedly across different parts of the organization...

