MIT Sloan Management Review Article on Make Cybersecurity a Strategic Asset

By elevating cybersecurity from an operational necessity to a source of opportunity, leaders can boost resilience and business advantage.

On June 27, 2017, employees in more than 80 global companies booted up their computers only to find a black screen with the message, “Oops, your important files are encrypted,” along with a demand for a bitcoin payment to decrypt the files. Within a few hours, managers began to realize the extent of the attack: Malware had infected the companies’ central servers, paralyzing every aspect of global operations, including interoffice communications, access to documents, access to customer data, and all operational and manufacturing systems. The NotPetya virus, which had begun its spread via the software-update function of a widely used Ukrainian tax preparation program, eventually caused global economic damage exceeding $10 billion in industries such as transportation, energy, pharmaceuticals, food production, consumer goods, and professional services.

Despite such examples of devastating cyberattacks on major organizations, many of the world’s largest companies remain unprepared.2 Although executives acknowledge cybersecurity as an important part of IT planning, they misunderstand the strategic character of cyberattacks, both as a severe threat to earnings and operations, and as an opportunity. Yes, an opportunity.