How to continue to innovate after a breach

A company who suffers a cybersecurity breach can lose customer trust to the point they do not survive. For a company to survive a breach, they need to show they did enough and will do enough to retain customer's trust. Another breach could cause the company to be sold off in pieces but the opposite is also true.

• One extreme is cybersecurity being a speedbump where the rest of the company continously accepts uncontrolled risk.
• Another extreme is cybersecurity stiffling innovation and not allowing any risk.

Think artifical intelligence adoption or Office 365 for collaboration.

Premera Blue Cross suffered a massive breach in 2015 and the cybersecurity team saw the cloud as unkown entity where the adoption of Microsoft 365 and the SaaS, PaaS shared responsibility model was seen "too risky." Risk management is not the elimination of risk but the mitigation of risk to an acceptable level.

It's about the controls

If a company decides they want to fly to the moon, controls to reduce risk should be discussed.

We were brought in as security architects and created a design outlining controls for use cases. This required the licensing of Microsoft's E5 business tier and the company's leadership team produced the budget to make it happen. Several years after the migration to Office 365 the company continues to retain customer's trust without another significant breach.