Abstract:
This article asserts the view that management, not just technological positions, plays a huge role in mitigating cybersecurity risks by allocating necessary resources and prioritizing cyber safety. While it is understood that the board is increasingly important in protecting security, boards have been found to be unprepared to actually fulfill this role. It is important that people in management positions have adequate training to understand cybersecurity risks and that they accurately report data related to cyber events instead of downplaying their effects. This article also lists three best practices for companies: educating company leadership, developing a common language, and distinguishing between security and resilience. What I think is important about this article is this emphasis on resilience, or the ability to continue doing business effectively while under a cyber attack, because, unfortunately, preventing all cyber attacks is relatively impossible because there will always be bad actors, but minimizing the effects of these attacks on economic well-being is key.
Author:
Ray A. Rothrock, James Kaplan, and Friso Van der Oord
Institution:
MIT Sloan Management Review