Agile Business Growth and Cyber Risk:

Cloud computing and the Internet of Things (IoT) have transformed businesses, enabling agile and cost-effective IT infrastructure. Both create new opportunities for entrepreneurial businesses and disruptive business models enabling growth. The challenge is that these new opportunities create a co-mingled architecture which is difficult to secure. The complexity of this architecture is magnified with the IoT. Based on interviews with executive leadership teams and boards of directors facing these new environments, we developed the over-arching research question: How do we secure increasingly dynamic architecture in an environment while supporting and creating agile business growth? We then narrowed this down to more specific questions dealt with in this study. The research involved an in-depth exploration of this problem using a survey instrument and multiple qualitative methods involving business leaders from 59 companies between 2017–2018. Based on this analysis, we developed an information security framework for executives in this new environment that builds on previous work. This framework is called the Extended Risk-Based Approach and provides businesses with an approach for securing an enterprise amidst the IoT and agile architecture. Importantly, the data analyzed suggests that this approach is critically needed to address the rapidly growing complexity of enterprise architecture and the digital world we live and work.