BCG September 4, 2025
Vanessa Lyon, Sushmita Banerjee, Sid Sankaran, Liana Shalev, Mike Ford, and Bryan Comis

Key Takeaways

Companies that adopt risk-based strategies against cyberattacks outperform because they protect what matters most. Winning companies reframe cybersecurity as strategy, building resilience from the top down. They also focus on protecting their “crown jewels”—the core systems, data, and platforms that drive revenue, customer trust, and operational continuity.

  • Cyber attacks are business threats, with the cost to repair megabreaches averaging $52 million. Nearly one in six companies that suffer a major incident see share values drop more than 5%.
  • A risk-based approach provides precision over blanket coverage, focusing on critical systems and assets to deliver resilience without slowing innovation.
  • Cyber resilience is no longer the sole responsibility of the information security or IT department. It requires...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Technology
Related Articles:
OT–IT Cybersecurity: Navigating The New Frontier Of Risk
STAT+: Hospitals and Epic demand better security for patient records
‘Complexity is where cyber risk tends to grow’
Researchers broke every AI defense they tested. Here are 7 questions to ask vendors.
Your Organization Isn’t Cyber Ready... It Just Thinks It Is

Share Article