Cover image: ©mistery/Shutterstock
Cover design: Wiley
Copyright © 2015 by McKinsey & Company, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993, or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
ISBN 9781119026846 (Hardcover)
ISBN 9781119026914 (ePDF)
ISBN 9781119026907 (ePub)
We live in a remarkable age of technology innovation. The speed with which we are able to communicate, collaborate, and transform our businesses and organizations is truly astounding. Yet the risk created by our increasing dependence on those technology advancements is equally astounding. The economic, operational, and reputational risks of technology are well known to anyone who has paid even passing attention to the almost daily security breach headlines.
In their research, so effectively laid out in this book, the authors explain why there is so much cyber insecurity today, how it has become such an intractable problem, why it could get worse, and what organizations, industries, and governments must do now to start to address the problem. Importantly, James Kaplan, Tucker Bailey, Chris Rezek, Derek O’Halloran, and Alan Marcus go beyond elucidating today’s risks and how to mitigate them, and extrapolate the downstream economic consequences if organizations don’t change their fundamental approach to cybersecurity.
During the course of the authors’ work, I had an opportunity to preview their methodology and early results. So much of what they were seeing in organizations around the globe mirrored what I had been seeing and hearing from RSA’s customers. As the authors subsequently presented their early findings to national representatives of countries from Europe, Asia, and the Americas at the 2014 RSA Conferences, it was clear that their findings resonated globally and reflected a universal experience. At these sessions, I was encouraged to see such an improved understanding of the need for all nations to cooperate to solve this problem.
It is clear from the research that the advent of cloud, mobile, and social media technologies combined with contemporary digital business practices has so expanded and distorted the attack surface of organizations that it is no longer possible to use the perimeter as an effective defense method. The perimeter that used to serve as a barrier between organizations and the external world has been perforated to the point that even a Swiss cheese metaphor is too charitable. The perimeter has become fragmented, ephemeral, dynamic, and contextual. As such, the security programs and controls on which we have relied are being overwhelmed. A new security model is called for and the authors of this book are recommending a multitiered approach based on the concept of digital resilience – an approach that has been adopted by leading companies around the world and has rapidly become conventional wisdom.
