Читать книгу Beyond Cybersecurity - Kaplan James M. - Страница 8

Companies are losing ground to cyber-attackers. Nearly 80 percent of technology executives said that they cannot keep up with attackers’ increasing sophistication and many said they are seeing attack strategies filter down from nation-states to a wide range of criminals and hacktivists, who have much more destructive ambitions.

Although companies are spending tens, and sometimes hundreds of millions of dollars protecting themselves, they lack the facts and processes to make effective decisions about cybersecurity. Of more than 60 institutions whose practices we surveyed in detail, a third had only a “nascent” level of cybersecurity maturity, while the next 60 percent were still “developing.” Very few were “mature” and not a single one was “robust.” Many institutions simply appear to be throwing money at the problem, but larger expenditures have not translated into greater maturity.

The controls required to protect against cyber-attacks are already having a negative impact on business. For example, security concerns are delaying the rollout of more advanced mobile functionality in companies by an average of six months, and are even more dramatically limiting the extent to which companies are using public cloud services. For nearly three quarters of companies, security controls reduce frontline productivity by slowing employees’ ability to share information, and even though direct cybersecurity spend is relatively small, the indirect costs can be substantial: some CIOs told us that security requirements drove as much as 20 to 30 percent of their overall activity.

The cybersecurity environment could evolve in many different ways over the next five to seven years. However, if attackers continue to increase their advantage over defenders, the result could be a cyber-backlash that decelerates digitization. In this scenario, a relatively small number of destructive attacks would reduce trust in the economy, causing governments to impose new regulations and institutions to slow the pace of technology innovation. The world would capture less of the $8 trillion to $18 trillion we predict can be generated by 2020 from technological innovations such as big data and mobility – the ultimate impact could be as much as $3 trillion in lost productivity and growth.

Companies, governments, and society at large must strive for digital resilience in order to realize the full potential value of innovation. This means cybersecurity must move up the corporate and political agenda.

The first section of this book deals with this issue. Chapter 1 demonstrates why concerns about cyber-attacks are already affecting companies’ ability to derive value from technology investments. Chapter 2 lays out the potential scenarios that describe how the cybersecurity environment could evolve over the next five to seven years and explains in more detail why we believe that $3 trillion is at risk.