McKinsey Misses Cyber In 2024 CEO Tips—Here’s 4 Clever Solutions

December 18, 2023

Consulting giant McKinsey has received criticism for failing to emphasise the importance of cybersecurity in its annual guide, “What matters most? Eight priorities for CEOs in 2024”. The report focuses largely on topics like AI, digital transformation, talent, growth and macroeconomic awareness, and uses the term “cybersecurity” only once, despite the significant and costly attacks of recent years. New SEC reporting regulations and a lack of corporate board expertise in cybersecurity further complicate the issue. Major risks include potential business interruption, reputational damage, customer loss, litigation, regulatory issues and funds required for remediation. As cybersecurity becomes increasingly important for CEOs, four strategies are suggested:

  • Improving board governance. A lack of board support, challenge, and governance is a common issue in many C-suites. To promote better stewardship, CEOs should push for a review of board committee composition, better access to external tech experts, and a benchmark for cyber oversight best practices.
  • Quantifying risk and resilience. Senior leaders need to comprehend the financial and business implications of potential loss contingencies. Enhancing sensitivity analyses and decision-making through risk transfer market methodologies could aid in this.
  • Comprehending the ‘kill switch’ and preparing for its use. In the event of business interruption due to a cyberattack, it is crucial that leaders can address the problem swiftly. This involves understanding who has the authority to halt operations as well as ensuring that leaders understand how they should respond during a crisis.
  • Establishing and testing disclosure policies and procedures. With strict new SEC reporting requirements on cyberattacks, it is important that companies have clear, efficient and tested protocols already in place. Executives should therefore review and benchmark their cyber response disclosure procedures regularly.

In the digital era, the importance of solid cybersecurity measures cannot be overlooked. As such, it is high time that C-suites start prioritising it in their strategies.
