First, I would generally not worry about cyber wars between nations affecting ordinary corporate computing. Stuxnet, for example, was very precisely targeted at Iranian nuclear facilities. What I would worry about is corporate espionage and cyberattacks. The main difficulty in deciding how to create cyber security is that there is an inverse relationship between the security of computer systems and the ease with which employees can use them. If you want you employees to be able to access corporate date off-site or use their own personal systems such as iPhones and tablets, you reduce security. Essentially, you need to task a working group to develop a far-ranging cyber-security set of policies that look at the security measures appropriate to different levels of corporate data and create the appropriate package of security and access levels for different data types. This might include having publicly available data including things accessible by customers, marketing tools, and other less mission critical data on one physical server and proprietary information and payroll on another server.