• About
  • Subscribe
  • Contact
Wednesday, May 7, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

Cybersecurity: What happens after we got hacked

Stan Aronow by Stan Aronow
April 22, 2022
Photo by Andrea Piacquadio from Pexels: https://www.pexels.com/photo/laughing-male-constructor-showing-thumb-up-at-working-desk-3760613/

Photo by Andrea Piacquadio from Pexels: https://www.pexels.com/photo/laughing-male-constructor-showing-thumb-up-at-working-desk-3760613/

Quick… what’s a dirty little secret that most people would not want aired publicly? No… this is a business-related blog, try again. 😉 If you answered, “We were hacked, and it took our systems down long enough to impact our operations and those of our customers,” you’d be in good company.

At our most recent Executive Advisory Board meeting, one of our members lamented that while their team is quite advanced in terms of overall supplier relationship management, they are still frequently surprised when cyber disruptions happen at suppliers.

This week, during an event for our COO and CSCO communities, we surveyed attendees on whether they or their supply partners had been impacted by cyberattacks since the Russian invasion of Ukraine. We also asked if they are seeing a trend in this type of activity. It was an anonymous poll, but I suspect many of the leaders on the call chose not to reveal their situation. For those who did, the responses were telling.

Source: Gartner

Nearly three-quarters of respondents had one or more of their suppliers experience a disruptive cyber event that took key processes and systems down for at least a day. More than a quarter had shorter-term disruptions to their internal operations. This level of cyber activity was an uptick for most when compared to the period prior to mid-February and the lead-up to the Russian invasion of Ukraine.

How should we respond?

At many companies, supply chain leaders are only granted the authority to execute CIO or chief information security officer (CISO) directives on cybersecurity. A challenge to this model is that often the weakest cyber links exist with suppliers and other external partners. CSCOs and their teams need to engage to ensure the extended value chain is protected, along with internal systems and assets.

Beyond governance issues, there are ROI-related decisions on the required response. One way to assess the amount of focus and resources that should be placed on extended value chain security is to treat this investment like any other type of risk mitigation or insurance policy. Gartner’s well-known risk management analyst, Paul Proctor, recently published a report on this topic (Use Value and Cost to Treat Cybersecurity as a Business Decision — Gartner subscription required). Here are some of the key findings from that research:

Organizations must stop investing in security tools and start investing in outcomes. A strategic vision for cybersecurity as a business decision is one that balances protection needs with desired business outcomes.

Technology and business drivers should influence how much is spent on a cybersecurity program and for what level of protection. This framing should be captured in a protection-level agreement (PLA) between the IT team and business leaders.

The PLA sets out the desired security and business outcomes and how the outcomes will be addressed by a set of controls that are consistent, adequate, reasonable and effective.

CIOs should not expect executive decision-makers to express their needs for protection in cybersecurity terminology. Instead, protection levels should be framed and influenced within the context of the following business drivers:

Business operations — Opportunities or decisions that put the organization more at risk

Regulatory demands — What PLAs are acceptable to the regulators?

Shareholders — Can the CEO stand in front of the TV cameras and defend the organization’s cybersecurity decisions to satisfy both customers and shareholders?

Partners — How many companies will not work with the organization because it is not appropriately secure?

Cyber insurance eligibility — What is necessary to obtain cyber insurance? Cost and requirements to obtain cyber insurance are trending up and are more stringent

Benchmarks — What are others doing?

Observable business impact — How much downtime or other material loss is being caused by security incidents? How can that be changed by stronger or weaker PLAs?

The first step in most remediation journeys is admitting we have a problem and then moving into the solution space. In line with that theme, we are excited to explore the topic of Secure Supply Chain with our global COO and CSCO community at an April 26 Leaders in Action event, co-sponsored by Mark Bakker and the team at HP Enterprise.

First published on Gartner Blog Network

Related:  PodChats for FutureCISO: Predicting the unpredictable
Tags: cyber insuranceGartnerrisk management
Stan Aronow

Stan Aronow

Stan Aronow is a vice president distinguished advisor supporting the global Chief Supply Chain Officer community. Prior to this role, Aronow managed Gartner's global Supply Chain Top 25 leadership research portfolio for five years. He has also published research and advised in the areas of high-tech supply chain management, supply chain segmentation and cost-to-serve, metrics and performance management and product portfolio complexity management. Aronow has written articles for publications such as SupplyChainBrain and Supply Chain Management Review and been quoted in global news publications, including The Wall Street Journal, Financial Times and The China Post.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe