BCG’s program for building cybersecurity capabilities ensures that companies get the cyber skills they need, using the people who already know their industry and organization.
The shift to remote and virtual work has been a boon to cyber attackers. Massive data breaches continue, but it’s a mistake to think cybersecurity is purely a matter of technology and network security. A BCG study of 50 major data breaches found that only 23% were caused by inadequate security technology. In the vast majority of cases—77%—the breach was the result of an organizational failure, a process failure, or human error.
Given the continuous cybersecurity workforce shortage—a global gap of 3 million employees according to a 2020 (ISC)² study—companies can’t hire their way out of this problem. But there is a solution: cybersecurity upskilling. According to BCG analysis, many functions—such as IT, risk, legal, HR, accounting, and operations—have the potential to learn critical cybersecurity skills.
We enable clients to create cybersecurity skills—at scale and speed—via our Build-Operate-Transfer (BOT) approach. By teaching cyber skills from within, companies can deploy underused or redundant employees into highly specialized positions.
We work shoulder-to-shoulder with your teams to assess current capabilities, create a roadmap, reskill and upskill employees, build a strong cybersecurity culture, and rapidly deliver business impact. Most importantly, our cybersecurity-upskilling programs enable companies to own and drive their digital transformation. Our proven methodology blends:
We take a holistic approach to cybersecurity and tailor our response to your industry, your unique risks, and the continuously evolving threat environment. Our experts work directly with your teams to teach cyber skills to the workforce, build world-class cybersecurity capabilities, and execute a cybersecurity program that fits your needs and environment.
We partnered with a fast-growing medical device company whose product portfolio was shifting from hardware to software. We worked with the client to upgrade its cybersecurity playbook. We also coached and upskilled the cyber team, identifying capable individuals within the organization and launching their training in cyber skills. Finally, we set up a train-the-trainer approach so that the client could continue upskilling after our engagement ended.
We worked with an international banking group to establish critical-event readiness and set up a new cybersecurity model, processes, and organization to strengthen third-party security teams and governance and improve cyber awareness. We used a BOT approach to codesign the target operating model and execute day-to-day as one team, empowering the client to operate independently, achieve impact quickly, and build sustainable capabilities.