
In this article McKinsey focuses on a seemingly obvious, yet frequently missed opportunity by many CEOs: integrating cybersecurity with the overall risk function. Cybersecurity is often relegated to the CISO and CIO because of it's technical nature but it is, in fact, a major driver for high consequence business risks - from loss of reputation and revenue to an existential threat. By laying out the opportunities, challenges and the rationale for change a persuasive case is made for C-Suites to adopt this approach as a high priority.
Another common error is to underestimate the 'institutional inertia' that perpetuates the chasm between the business and cybersecurity. An even greater error is not making the effort to correct it. Only the C-Suite and particularly the CEO have the span of control, the necessary 'levers', to make this happen -- and thus own the amplified risk if not addressed.
Another common error is to underestimate the 'institutional inertia' that perpetuates the chasm between the business and cybersecurity. An even greater error is not making the effort to correct it. Only the C-Suite and particularly the CEO have the span of control, the necessary 'levers', to make this happen -- and thus own the amplified risk if not addressed.