I classify the cyber-readiness of firms into two basic categories: “cyber-reactive” and “cyber-adaptive.” Financial services executives meet the criteria of a cyber-adaptive firm can be confident that they have effective cybersecurity programs and practices in place. A cyber-adaptive firm believes it is just as important to invest in people and...