Cybersecurity performance can be managed, but only if measured
by Kylene Casanova
The Cyber Risk Handbook: Creating and Measuring Effective Cybersecurity Capabilities, by Domenic Antonucci, published this month by Wiley with a contribution by McKinsey partners, highlights some basic realities of cybersecurity:
- Cybersecurity performance can be managed, but only if measured. But measuring cybersecurity performance is hard. Fortunately, cybersecurity elements worth managing can be measured, even if only by proxy. Measuring performance and organizational health is critical to catalyzing progress, instilling accountability, and ultimately achieving an organization’s strategic aspirations.
- Key pitfalls to avoid include: irrelevant metrics; focusing on lagging indicators to the exclusion of leading indicators; assuming more is better; relying on subjectivity; and measuring the cybersecurity organization rather than enterprise resilience.
- Organizations also have to balance challenges like these against imperatives for change: How important is sensitive information to the future of the business? How sophisticated are attackers? What is the level of regulatory scrutiny? How important are cybersecurity capabilities and protections to customers?
Cybersecurity hallmarks of digital resilience
Once an organization understands its risks, it can start to determine what types of capabilities it needs to build to protect itself. McKinsey & Company, together with the World Economic Forum, developed seven hallmarks of digital resilience that need to be put in place:
- Prioritize information assets based on business risks
- Differentiate protection based on the importance of assets
- Integrate cybersecurity into enterprise-wide risk management and governance processes
- Enlist frontline personnel to protect the information assets they use
- Integrate cybersecurity into the technology environment
- Deploy active defenses to uncover attacks proactively
- Test continuously to improve incident response across business functions.
CTMfile take: Domenic’s Handbook is full of strategic advice that your senior managers should read. The Cyber Risk Handbook: Creating and Measuring Effective Cybersecurity Capabilities by Domenic Antonucci is available in eBook form for £54.60 from hive.co.UK and in printed form from booksellers worldwide.