MIT Sloan Management Review Article on An Action Plan for Cyber Resilience

  • 9m
  • Cheryl Berriman, Keri Pearlson, Martin Reeves, Michael Coden, Stuart Madnick
  • MIT Sloan Management Review
  • 2023

The NotPetya malware attack of 2017 encrypted the systems and disrupted the operations of global businesses, starting in Ukraine and spreading rapidly to over 60 countries around the world. Global shipping company Maersk, one of the worst hit, ultimately needed to rebuild its entire IT infrastructure. In the nine days it took to get its systems back online, the company struggled to continue operations using manual workarounds that teams came up with on the fly. In the end, the incident cost Maersk nearly $300 million.

A more recent ransomware attack shut down the operations of JBS USA, the largest U.S. meatpacker, and other attacks have affected hundreds more companies. In late 2021, for instance, the Log4j vulnerability allowed adversaries to embed malware and take control of millions of Java applications developed over the past decade. These widespread incidents have proved that successful cyberattacks are inevitable.

About the Authors

Michael Coden is a senior adviser at BCG with over 30 years of experience in cybersecurity strategy. Martin Reeves (@martinkreeves) is a senior partner at Boston Consulting Group and chairman of the BCG Henderson Institute. Keri Pearlson is executive director of the research consortium Cybersecurity at MIT Sloan (CAMS). Stuart Madnick is the John Norris Maguire Professor of Information Technologies, Emeritus, at the MIT Sloan School of Management and the founding director of CAMS. Cheryl Berriman is global senior director of the CEO Advisory practice at BCG.
