Bain uses cookies to improve functionality and performance of this site. More information can be found in our Privacy Policy. By continuing to browse this site, you consent to the use of cookies. CIO Journal

Time for senior managers to get serious about cybersecurity

Organizations stand to lose too much for data security to be treated as anything but a top-level strategic issue.

  • March 06, 2014
  • min read


Time for senior managers to get serious about cybersecurity

Read the full article in's CIO Journal (subscription required) 

If there is a silver lining to the recent rash of high-profile security breaches, it may be this: Senior executives and boards can no longer just pass ownership of data security to the CIO and hope it will go away. The consequences are too severe—and too public—for them to ignore.

Simply throwing more money at the problem isn’t likely to fix it. Many billions are invested every year in cybersecurity, and still hardly a week goes by without news of a major breach.

CEOs and other corporate leaders need to take a more strategic approach to this security problem, one that is based on better communication between the business side of the company (which understands the relative value of different digital assets) and IT (which makes investment decisions about how to protect them). Data security has become a top-level strategic issue, because the consequences of failure can ruin a business. Any organization may be only a few hacks away from disaster.

In our experience working with leading enterprises, we find that too many fail to align their IT security capabilities with their larger goals and appetite for risk. At some companies, business and IT don’t discuss emerging threats or the relative importance of different classes of digital assets.

Read the full article in's CIO Journal (subscription required)


Want to continue the conversation?

We help global leaders with their organization's most critical issues and opportunities. Together, we create enduring change and results.