McKinsey: The Strategic Risks of Cyberattacks (English, 40 pages)

    2014-05-01



 

The rising strategic risks of cyberattacks

Research by McKinsey and the World Economic Forum points to a widening range of technology vulnerabilities and potentially huge losses in value tied to innovation.

 

More and more business value and personal information worldwide are rapidly migrating into digital form on open and globally interconnected technology platforms. As that happens, the risks from cyberattacks become increasingly daunting. Criminals pursue financial gain through fraud and identity theft; competitors steal intellectual property or disrupt business to grab advantage; “hacktivists” pierce online firewalls to make political statements.

Research McKinsey conducted in partnership with the World Economic Forum suggests that companies are struggling with their capabilities in cyberrisk management. As highly visible breaches occur with growing regularity, most technology executives believe that they are losing ground to attackers. Organizations large and small lack the facts to make effective decisions, and traditional “protect the perimeter” technology strategies are proving insufficient. Most companies also have difficulty quantifying the impact of risks and mitigation plans. Much of the damage results from an inadequate response to a breach rather than the breach itself.

Complicating matters further for executives, mitigating the effect of attacks often requires making complicated trade-offs between reducing risk and keeping pace with business demands (see sidebar “Seizing the initiative on cybersecurity: A top-team checklist”). Only a few CEOs realize that the real cost of cybercrime stems from delayed or lost technological innovation—problems resulting in part from how thoroughly companies are screening technology investments for their potential impact on the cyberrisk profile.

More than half of all respondents, and 70 percent of executives from financial institutions, believe that cybersecurity is a strategic risk for their companies. European companies are slightly more concerned than American ones. Notably, some executives think internal threats (from employees) are as big a risk as external attacks.

Equally worrisome, a large majority of executives believe that attackers will continue to increase their lead over corporate defenses. Sixty percent of the executives interviewed think the sophistication or pace of attacks will increase somewhat more quickly than the ability of institutions to defend themselves. Product companies, such as high-tech firms, are most concerned about industrial espionage. The leaking of proprietary knowledge about production processes may be more damaging than leaks of product specifications, given the pervasiveness of “teardown” techniques and the legal protections afforded to product designs. Service companies are more concerned about the loss and release of identifiable information on customers and about service disruptions.

According to McKinsey’s ongoing cyberrisk-maturity survey research, large companies reported cross-sector gaps in their risk-management capabilities. Ninety percent of those most recently surveyed had “nascent” or “developing” ones. Only 5 percent were rated “mature” overall across the practice areas studied (exhibit). Notably, we found no correlation between spending levels and risk-management maturity. Some companies spend little but do a comparatively good job of making risk-management decisions. Others spend vigorously, but without much sophistication. Even the largest firms had substantial room for improvement. In finance, for instance, senior nontechnical executives struggled to incorporate cyberrisk management into discussions on enterprise risk management and often couldn’t make informed decisions, because they lacked data.

Exhibit: A large majority of surveyed companies had nascent or developing cyberrisk-management capabilities.

Concerns about cyberattacks are starting to have measurable negative business implications in some areas. In high tech, fully half of the survey respondents said they would have to change the nature of their R&D efforts over time. There is noticeable concern, as well, that cyberattacks could slow down the capture of value from cloud computing, mobile technologies, and health-care technologies. Some 70 percent of the respondents said that security concerns had delayed the adoption of public cloud computing by a year or more, and 40 percent said such concerns delayed enterprise-mobility capabilities by a year or more.

Cybersecurity controls are having a significant impact on frontline productivity, too. About 90 percent of the respondents overall said that controls had at least a moderate impact on it. Half of the high-tech executives cited existing controls as “a major pain point” that limited the ability of employees to collaborate.

While there is broad agreement among executives that concerted efforts by policy makers, companies, and industry associations will be needed to reduce threats, there is considerable disagreement about how a consensus might take shape. And executives worry that new regulations may be grounded in outdated techniques and that regulators’ skills and capabilities may be insufficient.

A global economic penalty

Looking forward, if the pace and intensity of attacks increase and are not met with improved defenses, a backlash against digitization could occur, with large negative economic implications. Using MGI data on the technologies that will truly matter to business strategy during the coming decade, we estimate that over the next five to seven years, $9 trillion to $21 trillion of economic-value creation, worldwide, depends on the robustness of the cybersecurity environment (see sidebar “About the research”).


These dynamics could play out in many areas, with the proliferation of attackers’ weapons leading to widespread and highly visible incidents that trigger a public backlash and push governments to enforce tighter controls, which could dramatically decelerate the pace of digitization. Indeed, our interviews and workshops with executives from a variety of sectors reinforce the view that the cybersecurity environment may be getting more difficult and that early elements of a backlash are already beginning to materialize.

Consider, for example, cloud computing. In an environment where a solid cyberresilience ecosystem accelerates digitization, the private and government sectors would increase their use of public cloud technologies, with enhanced security capabilities allowing widespread deployment for noncritical workloads. Private clouds would handle more sensitive workloads. In this case, we estimate that cloud computing could create $3.72 trillion in value by 2020. However, in an environment of stepped-up cyberattacks, public clouds would be underutilized, given increased fear of vulnerabilities and higher costs from compliance with stricter policies on third-party access to data and systems. Such problems would delay the adoption of many systems and reduce the potential value from cloud computing by as much as $1.4 trillion.

 

 

[Report keywords]: cyberattacks