A synchronised approach to digital risk

Articles & Reports | May 2025 | BCG

What: BCG analysis reveals critical disconnect between IT, security, and business teams in managing digital risks, highlighting how siloed approaches increase vulnerability to cyber threats.


Why it is important: As recent retail cyber attacks demonstrate, the traditional siloed approach to digital security is no longer viable, requiring a fundamental transformation in how organisations integrate technical and business functions to protect against evolving threats.


The BCG analysis highlights a critical organisational challenge in today's digital-first business environment, where siloed approaches to cybersecurity and IT disruptions significantly increase vulnerability to threats. The research reveals how disconnected objectives and processes between IT teams, cybersecurity experts, and business leaders create dangerous gaps in digital risk management. This fragmentation is exemplified by recent incidents like the global CrowdStrike outage of July 2024, which demonstrated how technical failures can cascade into broad business disruptions. The solution requires synchronising business, IT, and security teams through aligned incentives and embedded cybersecurity within broader business strategy. The analysis emphasises that this is not merely a technical challenge but a fundamental organisational issue requiring attention from top leadership. The increasing regulatory scrutiny and rapid adoption of AI technologies further amplify the urgency for this integrated approach to digital risk management.


IADS Notes: The call for synchronised IT, security, and business teams reflects critical lessons learned from recent retail sector incidents. The March 2025 CrowdStrike outage, which caused GBP 5.4 billion in losses across Fortune 500 companies, demonstrates how technical failures can cascade into major business disruptions. This aligns with April 2025 data showing ransomware now accounts for 30% of retail security incidents, highlighting the evolution of cybersecurity from a technical issue to a fundamental business risk. The recent M&S cyber attack, which wiped GBP 700 million off their market value, exemplifies how leadership accountability has become crucial in cyber incident management. The Co-op's data breach affecting 20 million customers further emphasises the importance of cross-functional coordination, while El Corte Inglés's third-party provider breach underscores the need to balance digital innovation with robust security measures.

