A new McKinsey study points to a widening range of technological vulnerabilities which could total $21 trillion in value for companies conducting business in a new global world order.

Singapore cyber attacks

Firms struggle to keep up through cyber attacks

McKinsey estimates that over the next five to seven years, $9 trillion to $21 trillion of economic-value creation, worldwide, depends on the robustness of the cybersecurity environment — and can be endangered through cyber attacks.

The McKinsey research, conducted in partnership with the World Economic Forum, suggests that companies are struggling with their capabilities in cyber risk management. “As highly visible breaches occur with growing regularity, most technology executives believe that they are losing ground to attackers,” the report said. “Much of the damage results from an inadequate response to a breach rather than the breach itself.”  The report noted that both large and large and small organizations lack the facts to make effective decisions, and traditional “protect the perimeter” technology strategies are proving insufficient. Most companies also have difficulty quantifying the impact of risks and mitigation plans.

Complicating the issue is solutions often require trade-offs between business demands and technical risk reduction strategies.

Such are the conclusions the study drew as a result of interviews with more than 200 chief information officers, chief information-security officers, regulators, policy makers, technology vendors, law-enforcement officials, and other kinds of practitioners in seven sectors across the Americas, Europe, the Middle East and Africa, and Asia.

Cyber Attacks: Financial firms feel most at risk, while EU views threats from employees

Executives from financial firms felt most at risk, with 70% of such executives believing cybersecurity is a strategic risk for their companies, compared to only 50% of general corporate executives. European companies are slightly more concerned than American ones, where some executives think internal threats (from employees) are as big a risk as external attacks.

Cyber attacks will increase, get more sophisticated

A large percentage of executives think attackers will continue to increase their lead over corporate defenses, with 60% believing the sophistication or pace of attacks will increase somewhat more quickly than the ability of institutions to defend themselves. Product companies, such as high-tech firms, are most concerned about industrial espionage, the report noted, while service companies are more concerned about the loss and release of identifiable information on customers and about service disruptions.

The report said that, with the proliferation of attackers’ weapons, could lead to widespread and highly visible incidents that trigger a public backlash and push governments to enforce tighter controls.  This, the report says, could dramatically decelerate the pace of digitization. “The cybersecurity environment may be getting more difficult and that early elements of a backlash are already beginning to materialize,” the report concluded.