Cyber resilience: 4 key principles for new businesses

Cyber resilience: 4 key principles for new businesses

Merely relying on a tool is insufficient; a combination of process, people, and technology is necessary. Here are key principles to guide you:

1. If a concept merits investment, executives should dedicate time to consider and mitigate risks. Establish a framework to identify major risks and mitigation measures, keeping future growth and user experience in mind.
2. Forward-looking companies view cybersecurity as a core element of their business architecture. They seek external expertise to accelerate delivery and coordinate controls, ensuring cyber experts closely collaborate with the business.
3. The role of the parent company in cybersecurity varies based on leadership engagement, crossover potential, and priorities. A collaborative approach is ideal, exceeding established risk and security standards while leveraging parent company resources when appropriate.
4. Embed risk management and cybersecurity from product ideation to final delivery. For tech-based companies, adopt DevSecOps principles, integrating security testing at every stage of software development. Tailor tools for specific operational focus areas to protect key investments.

https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/new-business-building-six-cybersecurity-and-digital-beliefs-that-can-create-risk