The CEO's Cyber Resilience Playbook
MIT Sloan Management Review|Summer 2024
What do CEOs who led through a serious cyberattack regret? Use this guide to learn from their experiences and take smarter actions before, during, and after an attack.
Manuel Hepfer, Rashmy Chatterjee, and Michael Smets
The CEO's Cyber Resilience Playbook

ON MAY 7, 2021, EXECUTIVES AT Colonial Pipeline discovered that cybercriminals had launched a ransomware attack on its IT systems. To prevent the malware from spreading further, the company took its computer systems offline, disabling 5,500 miles of pipeline that supplied 45% of the fuel consumed on the U.S. East Coast. The disruption lasted nearly a week, resulting in panic buying and fuel shortages. In a controversial decision, Colonial Pipeline paid a ransom of nearly $4.4 million in exchange for the decryption keys to get its systems back online. One month later, with recovery efforts and investigations ongoing, Colonial Pipeline CEO Joseph Blount defended that decision before the U.S. Senate, testifying,

“We were in a harrowing situation and had to make difficult choices that no company ever wants to face.”

Blount’s testimony echoes the experiences of many of the CEOs we have interviewed as part of our research into how leaders manage cybersecurity risk and attacks.¹ These CEOs shared with us similarly painful accounts of having to make existential decisions based on imperfect information, under enormous pressure, in an area where they had relatively little expertise. Serious cyberattacks thrust CEOs into the public eye, scrutinized by the media, shareholders, regulators, and other stakeholders.

We conducted 37 in-depth interviews with the chief executives of large enterprises (with average revenues of $12 billion) in the United States, Europe, and Asia. Nine of them had led their company through a serious cyberattack, which allowed us to compare their battle-tested views with those of CEOs who had not yet suffered such an attack. This article outlines strategies, based on their lessons, to help your organization stop over-relying on cybersecurity and start building cyber resilience as a strategic opportunity.

Denne historien er fra Summer 2024-utgaven av MIT Sloan Management Review.

Start din 7-dagers gratis prøveperiode på Magzter GOLD for å få tilgang til tusenvis av utvalgte premiumhistorier og 9000+ magasiner og aviser.

Denne historien er fra Summer 2024-utgaven av MIT Sloan Management Review.

Start din 7-dagers gratis prøveperiode på Magzter GOLD for å få tilgang til tusenvis av utvalgte premiumhistorier og 9000+ magasiner og aviser.

FLERE HISTORIER FRA MIT SLOAN MANAGEMENT REVIEWSe alt
Avoiding Harm in Technology Innovation
MIT Sloan Management Review

Avoiding Harm in Technology Innovation

To capitalize on emerging technologies while mitigating unanticipated consequences, innovation managers need to establish a systematic review process.

time-read
10+ mins  |
Fall 2024
Make a Stronger Business Case for Sustainability
MIT Sloan Management Review

Make a Stronger Business Case for Sustainability

When greener products and processes add costs, managers can shift other levers to maintain profitability.

time-read
9 mins  |
Fall 2024
How to Turn Professional Services Into Products
MIT Sloan Management Review

How to Turn Professional Services Into Products

Product-based business models can help services firms achieve greater scale and profitability. But the transformation can be challenging.

time-read
10 mins  |
Fall 2024
Do You Really Need a Chief AI Officer?
MIT Sloan Management Review

Do You Really Need a Chief AI Officer?

The right answer depends on the strategic importance and maturity of AI in your company.

time-read
10+ mins  |
Fall 2024
Where To Next? Opportunity on the Edge
MIT Sloan Management Review

Where To Next? Opportunity on the Edge

Doing business in regions considered less stable or developed can pay off for companies. But they must invest in working with local communities.

time-read
10 mins  |
Fall 2024
Make Smarter Investments in Resilient Supply Chains
MIT Sloan Management Review

Make Smarter Investments in Resilient Supply Chains

Many companies invest in resilience only after a disruption. Applying the concept of real options can help decision makers fortify supply chain capabilities no matter the crisis.

time-read
10+ mins  |
Fall 2024
The Three Traps That Stymie Reinvention
MIT Sloan Management Review

The Three Traps That Stymie Reinvention

Organizational identity, architecture, and collaboration can be either assets or liabilities to pursuing growth in new sectors.

time-read
10+ mins  |
Fall 2024
What Makes Companies Do the Right Thing?
MIT Sloan Management Review

What Makes Companies Do the Right Thing?

Vaccine makers varied widely in their engagement with global public health efforts to broaden access to COVID-19 immunizations. Ethically motivated leadership was a dominant factor.

time-read
10+ mins  |
Fall 2024
Build the Right C-Suite Team for Your Strategy
MIT Sloan Management Review

Build the Right C-Suite Team for Your Strategy

CEOs can foster a more effective leadership team by understanding when to tap senior executives' competitive instincts and when to encourage collaboration.

time-read
10+ mins  |
Fall 2024
A Better Way to Unlock Innovation and Drive Change
MIT Sloan Management Review

A Better Way to Unlock Innovation and Drive Change

A strengths-based approach to building teams can win employee commitment to change and foster an inclusive, agile culture.

time-read
10+ mins  |
Fall 2024