Abstract:
"Are you spending enough on cybersecurity?" This is a question that any business leader will hear a lot. A CEO, Chief Risk Officer, Chief Information Security Officer, and sometimes Chief Financial Officer will find it difficult to answer. Answering a "Yes" will put you in a very problematic situation when your cybersecurity stalls, and answering a "No" will give you a perception of negligence. This question, instead, does not need to be answered with a "Yes" or "No." It is addressed by asking ourselves, and being able to answer to "How much is enough for Cybersecurity?." The answer to this latter problem is going to vary depending on each organization's "risk appetite," which in turn is going to be different depending on each the organization's digital assets that need to be protected, as well as the security threshold that the organization is willing to set, since no one can be totally secure.
Author:
Alex Asen, Walter Bohmayr, Stefan Deutscher, Marcial Gonzalez, and David Mkrtchian
Institution:
Boston Consulting Group (BCG)