Digital resilience will not come from implementing a discrete set of technological or process changes. The levers described in this book are an interrelated, mutually reinforcing system. Putting them in place requires significant behavioral changes not only within the cybersecurity function, but across IT and all major business processes and functions. Change of that scale requires companies to address a set of daunting structural and organizational challenges, including deep-seated mind-set shifts about what cybersecurity aims to achieve and who is responsible for it.

Yet despite the scale of the challenge, even some of the biggest and most sophisticated organizations fail to acknowledge the extent of change required. They try to avoid the problems rather than address them head-on and their security programs remain focused on a series of technical implementations rather than on undertaking a fundamental change in the operating model. The result is often incomplete buy-in from the organization as a whole, which complicates decision making, slows implementation and reduces the chance that the required resources will be available for the program.

Indeed, such a blinkered approach does not just increase the risk of being hacked, it risks slowing down the company’s ability to innovate and grow, and will contribute to that $3 trillion shortfall in the value from technology.

Companies must understand what the journey to digital ...