ESSENTIALS FOR LEADERS AND THOSE THEY LEAD
Brought to you by Alex Panas, global leader of industries, & Axel Karlsson, global leader of functional practices and growth platforms
Welcome to the latest edition of Leading Off. We hope you find our insights useful. Let us know what you think at Alex_Panas@McKinsey.com and Axel_Karlsson@McKinsey.com.
—Alex and Axel
Your organization may never have been the target of cybercrime—but all it takes is one data breach to damage its reputation and customer loyalty. New and more sophisticated cyberattacks occur almost daily, and generative AI (gen AI) tools have made it all but impossible to distinguish between real and fake content. In an environment of heightened vigilance, tech and cybersecurity leaders are moving into the spotlight. For more news and strategies, check out our latest article on cybersecurity—part of our McKinsey Explainers series—and the insights below.
AN IDEA
Cyberattacks have become so damaging—the estimated annual cost of cybercrime could reach $10.5 trillion by 2025—that some organizations have invested in extensive defensive capabilities, including, in some cases, military-grade technology and cyber talent. While these can be effective safeguards, it’s also critical to consider the role that boards of directors could play in shoring up cyber defenses, according to McKinsey experts in a new article. Besides providing oversight and guidance, board members can evaluate the potential impact on business and “make sure the security team feels the mantle of accountability to deliver on what they promised,” observe the authors. “When it comes to cybersecurity, the ultimate compliment for an organization is that nothing happens—the enterprise keeps running uninterrupted. A board of directors can lead that charge.”
A BIG NUMBER
3
That’s the minimum number of dimensions that cybersecurity providers need to consider to offer a reliable security proposition. McKinsey partner Marc Sorel and colleagues note that business value is a critical dimension. “Organizations today struggle with understanding how to measure the return or value of a dollar spent on cybersecurity,” they say. “Providers should structure their output, reporting, and dashboards to speak to business audiences as well as technical audiences.”
A QUOTE
That’s McKinsey experts in an article on what they call the “talent-to-value protection” approach to reducing cyber risk. Unlike traditional security talent management, where the most important roles depend on hierarchy, talent-to-value protection defines the most important roles as those that show a maximum reduction in risk or create the most security value. Given the current global shortage of skilled cybersecurity workers, this approach to hiring could be a game changer for organizations. “Leaders can progressively reduce risk in key areas rather than attempting to mitigate it all at once,” suggest the authors.
A SPOTLIGHT INTERVIEW
It’s often a challenge for companies to keep their cybersecurity protocols up to date—and generative AI (gen AI) has only made it more difficult. “Malicious use has been more headline-grabbing because of deepfakes and scams,” says McKinsey senior partner Ida Kristensen in an episode of the Inside the Strategy Room podcast. For example, in the past, most spam emails could be identified readily by their “bad grammar, bad language, and things that just didn’t quite make sense,” she says. “But now it is so much easier to create high-quality spam emails using gen AI.” While security controls and oversight can help, enhanced human awareness of risk may offer the most effective protection. “Risk management is everyone’s job,” says Kristensen. “You’ve got to make sure that you have people who say, ‘That’s a little weird. That guy never leaves me a voicemail.’”
HOGWASH
Cyberattacks may not be colorful, but the language used to describe them can be. “Pig butchering” joins the lexicon of cyberthreat standards such as phishing, pharming, smurfing, and island hopping. Derived from the practice of fattening hogs before slaughter, the term pig butchering refers to swindles where the scammers gradually “fatten” victims by gaining their trust and eventually lure them into making financial investments. What precautions can businesses take against this and other types of online fraud? “Even today’s most sophisticated cybercontrols, no matter how effective, will soon be obsolete,” caution McKinsey partner Jim Boehm and colleagues, pointing to three cybersecurity trends that leaders may need to watch to understand and mitigate the disruptions of the future.
Lead by improving cybersecurity.
— Edited by Rama Ramaswami, senior editor, New York
Copyright © 2024 | McKinsey & Company, 3 World Trade Center, 175 Greenwich Street, New York, NY 10007