Share this email
ESSENTIALS FOR LEADERS AND THOSE THEY LEAD
Click to get this newsletter weekly
Edited by Rama Ramaswami Senior Editor, New York
World events today may not give much cause for optimism, but businesses can take comfort in at least one thing: research shows that they are the most trusted institution. People also view societal leadership as a core business function. All the more reason, then, for organizations to invest in building digital trust—the confidence of customers, employees, and stakeholders that their online interactions are secure, their data is protected and used ethically, and the digital products and services they use are trustworthy. “The stakes for companies could not be higher,” say McKinsey’s Kayvaun Rowshankish and others in this article on data management traps to avoid. “Organizations that fail to walk the walk on data ethics risk losing their customers’ trust and destroying value.”
AN IDEA
Often shadowed by tracking technologies, consumers are highly wary of how brands use their personal information; many will buy only from companies that have a reputation for protecting consumer data. Organizations that lead in digital trust—defined as those companies with employees who follow codified data, AI, and general ethics policies and that engage in cybersecurity best practices—are more likely than others to see annual growth rates of at least 10 percent on their top and bottom lines, according to research by McKinsey’s Alex Singla, Kate Smaje, and colleagues. But while nearly 90 percent of companies believe that they are somewhat effective at mitigating digital risks, 57 percent have suffered at least one data breach in the past three years. This is where digital-trust leaders come out ahead: 41 percent have experienced an adverse event in the past three years, compared with 53 percent of all other institutions. “Achieving digital trust is a major strategic imperative and a huge business differentiator,” says McKinsey’s Jim Boehm.
A BIG NUMBER
$101.5 billion
That’s the amount that organizations are projected to spend on cybersecurity service providers by 2025, according to McKinsey research. “Even today’s most sophisticated cyber controls, no matter how effective, will soon be obsolete,” note McKinsey experts in this article on the latest cybersecurity trends and their implications for organizations. As cyberattacks grow more widespread, sophisticated, and frequent, companies are racing to keep up: market indicators show the costs of cybercrime increasing 15 percent annually, reaching $10.5 trillion in 2025.
A QUOTE
That’s McKinsey senior partner Kevin Buehler and other experts on managing the unwanted consequences of AI, such as privacy violations, discrimination, accidents, and even manipulation of political systems. Leaders can keep some incidents at bay by creating a risk prioritization and mitigation framework based on legal guidance and technical best practices. One way to do this is to map specific AI risk categories against possible business contexts. For example, privacy breaches usually occur in the context of data capture, collection, extraction, or engineering; therefore, any mitigation efforts should be directed to these areas. Alongside this framework, organizations should consider reviewing past failures in risk mitigation, since AI draws its predictive power from past events.
A SPOTLIGHT INTERVIEW
“A cyberattack tends to elevate and exacerbate tensions that already exist within an organization,” says McKinsey’s Wolf Richter in this podcast on how boards of directors can help shore up their organizations’ digital trust. “The board’s responsibility is to make sure that the executive team has a plan, is prepared, and is preparing the whole organization for the eventuality of an attack.” That means targeting particular vulnerabilities—such as field-service agents and customer service representatives—and balancing cybersecurity investments with investments in other parts of the business. “If I was a board member, I would ask which assets or parts of the organization the cybersecurity team and the leadership team focus their attention on,” Richter says. “The more specific they are in targeting initiatives toward specific systems, infrastructures, processes, and people, the better I would feel as a director.”
GONE FISHING
Phishing, pharming, sandboxing, island hopping—far from being things you’d do on vacation, these are just a few of the kinds of cyberattacks unleashed on organizations with alarming frequency. Incidents of cybercriminals holding data for ransom surged 105 percent worldwide in 2021, with governments and the healthcare industry bearing the brunt of the attacks. The large-scale adoption of work-from-home technologies following the pandemic makes it harder for companies to maintain security, but leadership teams should consider bolstering four key areas of vulnerability, including conducting a quantitative risk analysis and enhancing response and recovery capabilities.
Lead with digital trust.
Follow our thinking
Share these insights
Did you enjoy this newsletter? Forward it to colleagues and friends so they can subscribe too. Was this issue forwarded to you? Sign up for it and sample our 40+ other free email subscriptions here.
