McKinsey released a Podcast interview of three McKinsey Cybersecurity experts who said among other things “I think the key insight of the last ten years has been that you can’t do cybersecurity in secret. You can’t do it behind a wall in the intelligence agencies. For the obvious reason that the attacks are out there in open source in the economy, on the internet. It’s all visible. Well, most of it visible.” The January 2019 podcast entitled “Defense of the cyberrealm: How organizations can thwart cyberattacks” included this response by cyber expert Robert Hannigan about whether we are “winning?”:

No, I think we are making progress, but I think it would be very rash to say we’re winning. If you look at the two big trends, the rise in volume of attacks and the rise in sophistication, they are both alarming. On volume, particularly of crime, there were something like 317 million new pieces of malicious code, or malware, [in 2016]. That’s nearly a million a day, so that’s pretty alarming.

On the sophistication, we’ve seen, particularly, states behaving in an aggressive way and using very sophisticated state capabilities and that bleeding into sophisticated criminal groups. It’s a rise in the sheer tradecraft of attacks. So no, I don’t think we’re winning, but I think we’re doing the right things to win in the future.

I would encourage everyone to read the article or listen to the podcast.