Beyond Cybersecurity: Protecting Your Digital Business
James Kaplan, Tucker Bailey, Derek O’Halloran, Alan Marcus, and Chris Rezek
John Wiley & Sons (2015)

How and why all organizations must develop digital resilience to establish and then sustain cybersecurity

First of all, it is important to keep in mind that cybersecurity is not an IT issue; it is a business issue, The co-authors of this brilliant book — James Kaplan, Tucker Bailey, Derek O’Halloran, Alan Marcus, and Chris Rezek — are staunch and eloquent advocates of what they characterize as “digital resilience.” More specifically, it is a state in which individual organizations, industries, and even entire (national) economies

o “Understand the risks of cyber-attacks and can make business decisions where the returns justify the incremental risks.”

o “They have confidence that the risks of cyber-attack are manageable, rather than strategic — their do not put their competitive position or very existence at risk.”

o Consumers and organizations “have confidence in the online economy — the risks to information assets and of online fraud are not a brake to the growth of digital commerce.”

o Finally, the risk of cyber-attack “does not prevent them from continuing to take advantage of technology innovation.”

Now you have the context in which the World Economic Forum and McKinsey & Company “have collaborated to understand how to help companies and countries reach their aspirations.” Kaplan, Bailey, O’Halloran, Marcus, and Rezek bring to the task a wide and deep background of experience as well as the unique and abundant resources of the WEF and McKinsey from which they share valuable information, insights, and counsel that can help almost any organization (whatever its size and nature may be) to protect itself from cyber-attacks such as the theft of information assets and the intentional disruption of online processes.

Now you have the context in which the World Economic Forum and McKinsey & Company “have collaborated to understand how to help companies and countries reach their aspirations.” Kaplan, Bailey, O’Halloran, Marcus, and Rezek bring to the task a wide and deep background of experience as well as the unique and abundant resources of the WEF and McKinsey, sources from which they share valuable information, insights, and counsel that can help almost any organization (whatever its size and nature may be) to protect itself from cyber-attacks such as the theft of information assets and the intentional disruption of online processes.

These are among the dozens of passages of greatest interest and value to me, also listed to suggest the scope of the co-authors’ coverage:

o Cybersecurity change management program (Pages xvi-xvii and 157-183)
o Three critically important questions that must be addressed (xxI)
o Loss of Business information (13-14, 81-82, and 118-120)
o Loss of intellectual property (17-18, 61-63, 81-82, and 118-120)
o Cyber criminals: Attackers’ advantage (19-21)
o Cloud computing (36-37 and 103-110)
o Cyber: Role of international bodies (50-51 and 185-208)
o Role of senior management (60-63, 96-99, 160-161, 176-177, and 180-182)
o Cybersecurity in business processes (78-90)
o Frontline employees (87-88, 90-93, 113-116, and 118-120)
o Cybersecurity in IT (101-122 and 179-180)
o IT vulnerabilities (101-122, 124-126, 162-163, and 179-180)
o IT controls (110-122)
o Active defense (123-139)
o Cybersecurity analytics (133-135)
o Incident response (141-155)
o Cybersecurity in organizational structure (172-174 and 181-182)
o Collaboration within industries (190-191, 201-202, and 204-205)
o Cybersecurity: National security (195-199)

Please be sure to read with care, then absorb, and digest the material in both the Preface and Executive Summary that “sets the table” for what proves to be a “feast” of cutting-edge information, insights, and counsel with regard to how to move beyond cybersecurity to digital resilience. Obviously, no brief commentary such as mine can possibly do full justice to the incalculable value of the material that James Kaplan, Tucker Bailey, Derek O’Halloran, Alan Marcus, and Chris Rezek provide. However, I hope I have at least indicated why I think so highly of them and their work.

They understand and appreciate better than can almost anyone else how serious the threats to digital business practices are in a world that seems to become more volatile, more uncertain, more complex, and more ambiguous than at any prior time I can remember. That said, I commend this observation by Marie Curie: “Nothing in life is to be feared. It is only to be understood. We must understand more so that we may fear less.”