There are two kinds of companies. Those that have been hacked, and those that have been hacked but don’t know it yet.¹

House Intelligence Committee Chairman Mike Rogers

1.1 DEFINING CYBERSECURITY

When Congressman Mike Rogers included the words above in a press release to announce new legislation designed to help better defend American business against cyber threats, many executives were alarmed over the prospect that their businesses likely were already victims of hackers. They were shocked.

We weren’t.

For over 30 years, we have been deeply involved in not only building, integrating, and defending complex information technology (IT) systems but also in running and managing businesses that have come to rely on IT to create value and deliver profits. During our professional careers, we have seen IT systems grow from stand-alone computers to today’s globally connected information ecosystem that permits users to access information anytime, anywhere. We also have seen the increase in the numbers of hackers and others who attempt to gain access to information for reasons that include curiosity, personal profit, or competitive advantage. Threats to your vital information are real and intensifying.

While the term “cybersecurity” is creeping into discussions in boardrooms around the world, we find that most executives, while certainly cognizant of the importance of IT to their businesses, need help to understand what cybersecurity is, how to integrate it into their ...