As highly visible breaches occur with growing regularity, most technology executives believe that they are losing ground to attackers. Organizations large and small lack the facts to make effective decisions, and traditional “protect the perimeter” technology strategies are proving insufficient. Most companies also have difficulty quantifying the impact of risks and mitigation plans. Much of the damage results from an inadequate response to a breach rather than the breach itself.
Complicating matters further for executives, mitigating the effect of attacks often requires making complicated trade-offs between reducing risk and keeping pace with business demands. Only a few CEOs realize that the real cost of cyber-crime stems from delayed or lost technological innovation—problems resulting in part from how thoroughly companies are screening technology investments for their potential impact on the cyber-risk profile.