 |
October 12, 2018 |
|
 |
| Weekly need-to-know content |
|
|
|
|
| Welcome to the Shortlist: new ideas on timely topics, plus a few insights into our people. Subscribe to get it in your inbox on Fridays. Scroll down to see what Vivian Hunt, senior partner and diversity expert, is reading. |
|
|
|
| Threats from cyberattacks are growing in number and intensity worldwide. Every year, hackers produce some 120 million new variants of malware. Several billion data sets are breached. And companies report thousands of attacks every month, ranging from the trivial to the extremely serious. Think WannaCry, NotPetya, Meltdown, and Spectre. |
| Wow. Scary. Until recently, the primary targets of cyberattacks were financial firms and governments. Today, the threat is universal, for companies and customers alike. Little wonder that risk managers now consider cyberrisk the biggest threat to their business and that some companies are investing up to $500 million on cybersecurity. |
| According to a McKinsey survey, 75 percent of experts consider cybersecurity to be a top priority. Yet only 16 percent say their companies are well prepared to deal with an attack. In the digital age, distinctions among physical and information security, business-continuity management and data protection, and in-house and external security are obsolete. Cybersecurity should encompass it all. |
| It also bears emphasizing that the insider threat via a company’s own employees (and contractors and vendors) is one of the largest unsolved issues in cybersecurity. It’s present in 50 percent of breaches reported in a recent study. Companies are certainly aware of the problem, but they rarely dedicate the resources or executive attention required to solve it. |
| Monitoring technologies are a start, but their effectiveness increases significantly when combined with more active approaches. Among these are microsegmentation—homing in on “hot spots” of risk—and moving to a predictive posture, which allows the identification and disruption of insider activities much earlier in the threat life cycle. |
| More broadly, the most important factor in any cybersecurity program is trust. The board needs to trust senior management to have a strategic, long-term view. Business units, including the IT and cybersecurity teams, need to trust each other enough to agree on how to deploy a security plan. And companies must trust external partners, like cloud vendors, not to let bad guys in the back door. |
| The enemy of that sort of plan? Senior business leaders and the board seeing cybersecurity as a priority only when an intrusion occurs, while the chief security officer and his team view security as an everyday priority. |
| Then, agree on your organization's crown jewels—proprietary intellectual property? private customer data?—and make sure people across the organization have bought into the protection priorities. In this battle, spending more isn't necessarily spending smarter. One mining company, for example, realized it was protecting production data that could be reconstructed from public sources. So, it turned its focus to protecting proprietary information instead. |
| Companies would do well to adopt a new posture—comprehensive, strategic, and persistent. In our work with leading companies across industries, and in our conversations with experts, we have seen a new approach take root that can protect companies against cyberrisk without imposing undue restrictions on their business. One of the guiding principles: think like a hacker. |
|
|
| OFF THE CHARTS |
| High-growth emerging economies: The mighty 18 |
| Seven developing economies, below left, had real annual per capita GDP growth of at least 3.5 percent for 50 years, while 11 other, less-heralded economies, below right, grew at least 5.0 percent annually over the past 20 years. Collectively, these outperformers have been the engine for lifting one billion people out of extreme poverty, defined by the World Bank as living on less than $1.90 per day.
|
 |
|
|
| MORE ON MCKINSEY.COM |
| The rewards of facing up to risk | To say that today’s corporate executives face a perilous and costly risk environment is quite the understatement. Here’s how market leaders are taking a holistic approach to risk management. |
| Behind the mining productivity upswing | Digital technology, when implemented with management and mind-set changes, is leading to meaningful operational improvements for the mining industry. |
|
|
| WHAT WE’RE READING | Vivian Hunt |
|
| Vivian Hunt leads our UK and Ireland offices and supports clients in the areas of performance transformation and organizational development. In 2018, Vivian was appointed Dame Commander of the Order of the British Empire for services to the economy and women in business. |
|
|
|
| I’ve always loved reading biographies to discover more about the different lives people have led across history, geographies, and professions. Recently, I watched the film Darkest Hour with my family and was inspired to read the book of the same name. Written by Anthony McCarten, Darkest Hour: How Churchill Brought Britain Back from the Brink explores Churchill’s leadership in 1940 as Hitler’s forces pushed the British back to Dunkirk, one of the most crucial points in the Second World War. |
| My children have also taken a real interest in cricket, so I thought I should learn more about it. Sir Vivian: The Definitive Autobiography is by Viv Richards, whose leadership forged a West Indies team that dominated world cricket for decades. The book is a fantastic introduction to the sport and one of its most remarkable players. |
| Although it’s not a biography, this summer I also re-read Will Hutton’s The State We’re In, which explores how longer-cycle economic drivers are shaping the United Kingdom’s political landscape. I moved to the United Kingdom from the United States in 1996—at about the time the book was written—yet the message remains as relevant as ever, both locally and globally. In an increasingly uncertain climate, the book is a poignant reminder of how important the economic engine is. |
|
|
|
| BACKTALK |
| Have feedback or ideas? We want to hear from you. |
|
|
|
|
| |
