- Who is responsible for developing and maintaining our cross-functional approach to cybersecurity? To what extent are business leaders (as opposed to IT or risk executives) owning this issue?
- Which information assets are most critical, and what is the “value at stake” in the event of a breach? What promises, implicit or explicit, have we made to our customers and partners to protect their information?
- What roles do cybersecurity and trust play in our customer value proposition, and how do we take steps to keep data secure and support the end-to-end customer experience?
- How are we using technology, business processes, and other efforts to protect our critical information assets? How does our approach compare with that of our peers and best practices?
- Is our approach continuing to evolve, and are we changing our business processes accordingly?
- Are we managing our vendor and partner relationships to ensure the mutual protection of information?
- As an industry, are we working effectively together and with appropriate government entities to reduce cybersecurity threats?
Source: Meeting the cybersecurity challenge by James Kaplan, Shantnu Sharma, and Allen Weinberg | The McKinsey Quarterly, June 2011
Subject: IT Questions