Article

09_Aug_CTO_McKinsey named a Leader in Cybersecurity Consulting Services by Forrester

McKinsey Named Leader in Cybersecurity Consulting Services

McKinsey has been recognized as a leader in cybersecurity consulting services, the highest designation possible, in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024 report.

Forrester helps business and technology leaders use customer obsession to accelerate growth. It empowers organizations to put the customer at the center of everything they do: be it leadership, strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. And for four decades, Forrester has given business and technology leaders the confidence to put the bold element into action, further shaping and guiding how to navigate change in order to succeed.

Forrester evaluated 15 providers on 24 criteria. McKinsey received the highest score possible on 11 of these, including cybersecurity strategy, vision delivery, customer retention, and satisfaction.

What makes McKinsey a leader in cybersecurity consulting

Standpoints where McKinsey excels include business-aligned cybersecurity strategy and vision creation, budget optimization, and technology stack consolidation. The team leverages industry and functional expertise to help clients define a comprehensive cyber strategy (covering risk, business, and cultural dimensions). Moreover, with the help of industry-leading cybersecurity technology providers, proprietary assessments, in-depth training exercises, and organizational transformation efforts, the team strives to address the client’s most pressing cybersecurity issues, be it securing a significant cloud transformation, protecting operational technology, establishing appropriate cyber capabilities, or managing the implications of a public crisis.

“We are incredibly proud of receiving this external recognition; for us, this is something to celebrate. It acknowledges what we have been hearing from our clients: that they value our unique ability to combine their strategic agenda—of their board, CEO, and executive management team—with our deep technical expertise,” said Ida Kristensen, a McKinsey senior partner and co-leader of the Risk & Resilience Practice.

Measures taken by McKinsey

Assess risk and resilience: By identifying where the business creates value and by analyzing threats, the experts design necessary cyber programs, determine the allocation of funds, and inform board discussions on cyber risk strategy.

Secure the digital transformation roadmap: McKinsey ensures their client’s digital transformation plan remains unaffected by implementing the ‘security by design’ aspect into new products and businesses.

Establish a preparedness and crisis response plan: McKinsey helps organizations minimize the business impact of cyberattacks by enabling faster and more coordinated response, improving regulatory and public perception, and building the capabilities of senior executives. The team works with clients to diagnose their preparedness. They engage the leadership team in the crisis response training program and help create a crisis playbook that establishes governance and responsibilities.

Building long-term cyber capabilities: McKinsey ensures that clients embed cyber capabilities into every aspect of their business operations. The team of experts helps in redesigning operating models, adopting agile approaches, setting up attribute-driven assessments, and in attracting and retaining the right talent.

McKinsey’s cybersecurity work focuses on helping organizations strengthen their cyber defenses and anticipate future cyber threats. They also help organizations understand and use new defensive capabilities. McKinsey’s approach is to take a step back, understand the bigger picture, and then carefully define the problem as a team. This helps them to anticipate risks and innovate.

Secrets of McKinsey’s tried-and-true cybersecurity approach

Over the years, McKinsey has undertaken nearly 570 projects across numerous industries. Their team has tripled to more than 240 cyber experts, many of whom are veterans of the U.S. military and intelligence operations, and from the leadership and frontlines of cybersecurity organizations.

McKinsey has served several clients who have experienced very severe cyber-attacks. The team has helped clients restore operations, get back up on their feet, minimize the cost and implications of the attack, and used the opportunity to help them build greater resilience to move forward.

Cyber risks are constantly changing. We have evolved as a society to recognize this is a common problem. Significant resources are being invested in the public and private sectors, and different groups are collaborating to solve it. Moreover, government bodies are actively setting guidelines to protect security, privacy, and safety.

However, one thing that remains interesting about cybercrime is the human element. Ninety percent of all cyberattacks start with a phishing attempt. Despite this being a very technical topic, a huge part of the defense lies in educating humans.  If an organization educates everyone about cybercrime and cyber security, it will make a big difference. It will not only make everyone wise but will also save various businesses from huge losses.

In brief

McKinsey recognizes that cybersecurity is not a cost center but a business enabler. The firm sees cybersecurity as a board-level priority and helps find the right strategy that’s aligned with the organization’s priorities. Moreover, the team communicates a clear plan to boards and stakeholders and prepares the organization for tomorrow’s challenges.

Avatar photo

Gizel Gomes

Gizel Gomes is a professional technical writer with a bachelor's degree in computer science. With a unique blend of technical acumen, industry insights, and writing prowess, she produces informative and engaging content for the B2B leadership tech domain.