Analysis performed by insurance carriers indicates that cyberattacks faced by manufacturing companies have grown by 30 times, and those faced by technology companies by about 20 times, since 2012. Within the last year, iconic companies from practically every major industry have been breached, whether X-Fab in semiconductors, Honda in automotive, or Luxottica in eye care. At the same time, the number of cybersecurity vendors and technologies has mushroomed over the past half decade. So why are we still seeing exponentially growing numbers of successful cyberattacks?
Cybersecurity maturity is the next big lever that organizations can focus on. Organizations have a number of tools available to them, including:
- The Cybersecurity Capability Maturity Model (C2M2), which proposes 3 levels of maturity
- The NIST CSF, which proposes 4 levels of maturity
- The Cybersecurity Maturity Model Certification (CMMC), which proposes 5 levels of maturity
Cybersecurity maturity is essentially about how well cybersecurity is managed. It can follow the same path by which any other business-critical lever, such as growth, productivity, quality, or safety, is managed.
The following set of simple questions can help an organization determine what level of effort is required, based on its industry and the business impact it could experience from a cyberattack.
The questions reinforce what operating leaders know well: the value of having a robust strategy, building organizational engagement, and, more importantly, realizing operational excellence. Technologies and tools could simply follow to support the chosen strategy and its execution.