Page 26 - 78
P. 26

PREVENTION






                            your company, and bear in mind that industry, re-  True resilience comes only with
                            gion, critical assets requiring different protections,
                            benchmarks and the current threat environment   sustained dedication to building
                            will all have an impact.                 “up a broad range of strategic
                                                                          capabilities and developing
                            Define a roadmap, and begin to follow it. Ad-
                            dress the most critical capability maturity gaps first,   cybersecurity maturity
                            especially those that concern your most valuable
                            assets. Then define more comprehensive initiatives
                            to enhance capabilities in other key areas. Take on   and another 41% plan to add insurance over the
                            no more than 10 initiatives over an 18- to 36-month   next 18 months.
                            period.
                                                                      Taken as a whole, the approach to building cyber-
                            Strengthen the commitment to continuous   security capability maturity is a straightforward
                            improvement. Reassess capability requirements   journey, not unlike other transformational initiati-
                            and maturity levels regularly. Refresh the strategic   ves, but experience shows that it can require su-
                            cybersecurity roadmap to build capability maturity   stained focus and a commitment of years to bring
                            where needed, and ensure that the plan is adequa-  capability levels in line with the real needs of the
                            tely funded.                              company.
                                                                      The most important step is the first one: Executive
                            Finally, part of continuous assessment is under-  teams must come to grips with the scale of the
                            standing what level of risk can and should be miti-  challenge and acknowledge that, in most cases,
                            gated through cybersecurity insurance. No amount   everything they are doing around cybersecurity is
                            of insurance can cover the damage of a major,   probably not enough.
                            highly visible security breach, but insurance is an   With that understanding, executives can take the
                            indispensable component of cybersecurity risk ma-  necessary steps to increase their cyber resilience
                            nagement. FireEye found that half of the compa-  to protect their organization, its assets and its sta-
                            nies it surveyed are insured against this type of risk,   keholders.









                                              Frank Ford and Syed Ali


                                              Frank Ford is a partner and Syed Ali is an expert vice president with Bain’s Enterprise
                                              Technology practice. Frank is based in London, and Syed is based in Houston.


































       24 24  Impiantistica Italiana - Marzo-Aprile 2020
   21   22   23   24   25   26   27   28   29   30   31