As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others. This purpose of this writing is to cover some of the core requirements for implementing cybersecurity, the accountabilities for cybersecurity risks and the information used to manage a viable cybersecurity program.

1. 1 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y
The Digital Economy and Cybersecurity
Introduction
As we enter the digital economy, companies will quickly realize that the differentiator in the digital
economy is information and information being a valuable resource is subject to theft, hacking, phishing
and a host of other issues which compromise a company’s ability to participate in the digital economy.
Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the
digital economy. It is up to every company to ensure that the information shared with them is
protected to the best of their ability and proactively notify persons and organizations who entrust their
information necessary to transact business (any personal identity information including but not limited
to addresses, credit card information, social security numbers, account information, credit information,
medical records, etc.) with any potential compromises which can yield harm to them by that information
either being used maliciously or shared with others.
This purpose of this writing is to cover some of the core requirements for implementing cybersecurity,
the accountabilities for cybersecurity risks and the information used to manage a viable cybersecurity
program.
A word about information and the digital economy
In past phases of the information revolution, physical security was important. This is the first phase of
the industrial revolution where digital security is important as a component of the value chain. We will
show in this writing multiple examples of cyber security lapses which have had reputational
consequences to the company whose guard was let down for even a moment. The willingness of
consumers and businesses to consume digital content is a major component of the value chain in the
digital economy. In cases where there have been digital security lapses, the willingness of consumers to
participate in consuming digital content is lessened, often with changes in capitalization changes to the
offended organization.
Figure 1 | The four phases of the Information Revolution, Fortune, InfoSight Partners, 2016

2. 2 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y
In the digital economy, cybersecurity results in information consumption resistance, either through
reputational damage or through concerns of businesses and consumers participating in the value chain
hindering their consumption of content provided by your organization.
Some recent security misfires

3. 3 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y
Figure 2 | Recent Cyber-security misfires, Graphic News Daily, December, 2016
All these examples have had significant consequences to the attacked organization.
• Most recently, the records from Yahoo were sold on the dark web for $300 million dollars. The
valuation of Yahoo as part of an acquisition plan has been reduced and has been brought into
question.
• There are many governmental hacks which have made the news recently, one such hack
currently under investigation is the hack of the democratic caucus during the 2016 election.
This series of hacks will be under investigation and will take precedence in the national attention
for a significant period.
It is not hard to find examples of cybersecurity lapses in the marketplace. It is incumbent for
organizations to have proactive strategies to find and eradicate these lapses in cyber security before
they can cause injury to the organization.
Figure 3 | The State of Cybersecurity, 2016, RSA
It is important to note that security professionals have less confidence in their ability to protect their
networks from attacks in 2016 than they have been any time in the past. This is partially due to the
ability to easily monetize hacked information. For example, the hacked emails from Yahoo were

4. 4 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y
marketed on the dark web for $300M, illustrating that for those who are successful, finding and
infiltrating information through cybersecurity is a lucrative and very illegal opportunity.
Common approaches to cybersecurity are introduced through the following means:
• Redirecting a web, mobile, IOT device or email session to a malicious web page which gives
access to information behind the firewall.
• Injecting code into a web, mobile, IOT device or email session to perform malicious activities.
• Attacking insufficient web, mobile, IOT device or email management controls, thereby capturing
passwords, session ids or other key information through cookies and other means.
• Writing files on the computer utilizing a web, mobile or email session that collects information
and transmits it through an application loaded on the computer.
• Executing remote code which collects information via the remote code loaded into a mobile,
email or web session.
• Requesting information by promising false claims, which is commonly returned through email.
• Introducing malicious code into a web cache.
• Capturing control of a router, computer or collection of IOT devices to deny service.
These methods of security breaches leave an audit trail which should be a proactive defense in an
organization’s information arsenal. Companies who do not make cybersecurity a major component of
their information arsenal will find themselves appearing in the list of companies shown on figure 2.
There are a number of startups with intentions to deal with the increased threat of cybersecurity lapses.
The following picture depicts 224 startups with a total investment of $2.5B in 2015.
An example of a proactive program is being implemented at the security and exchange commission,
where a $500 million computer system dubbed the Consolidated Audit Trail, or CAT, aims to help
regulators better monitor stock and options orders and quickly zero in on manipulators by creating
some 58 billion records a day and maintaining details on more than 100 million customer accounts.
While many companies prioritize the protection of their mobile and web based digital ecosphere, the
internet of things (IOT) is becoming a large component of the digital presence and needs to be included
in the overall cybersecurity program. IOT devices integrate with the digital ecosphere with in many
cases minimal human intervention.

5. 5 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y
Figure 4 | Market Penetration of the Internet of Things, 2015, Altimeter
It is incumbent upon all chief risk officers to have a proactive plan to protect the organization from cyber
security intrusions and include an early warning program to identify and eradicate cyber security
intrusions before they can do their intended harm.
Figure 5| Recent Cyber-security venture capital investments, CB Insights, September, 2015

6. 6 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y
About the Author
Mark Albala is the President of InfoSight Partners, LLC, a business consultancy which provides
financial and technology advisory services devised to facilitate focus into the value of information
assets. InfoSight Partners is led by Mark Albala, who has served in technology and thought
leadership roles and serves as an advisor to analyst organizations and Lynn Albala, an officer of
the NJ State Society of CPAs (who leads the financial advisory services offered by InfoSight
Partners, LLC). Mark can be reached at mark@infosightpartners.com.