Skip to main content
service lines
Back to How We Help Clients
Modernize core technology


A major cybersecurity event can affect billions of dollars in assets, and damage a hard-earned reputation. Protecting yourself takes foresight and resilience—folding risk considerations into business decision making, while upgrading security protections in the IT environment.

Despite the speed, variability, and growing commercial implications of breaches and other cyberattacks, most institutions still manage digital security in a way that feels distinctly old-fashioned—by delegating responsibility to IT or security, by using protections designed to meet yesterday’s attacks, and by applying burdensome restrictions that impede innovation.

McKinsey’s approach integrates cyberresilience into management and governance processes and extends that integration deep into the technology environment, providing differentiated protection for an institution’s most important assets.

Aligning security with business objectives

Our goal is to help businesses direct the most rigorous defense mechanisms toward the most important information assets. We help clients determine what to protect and how much to spend through a combination of evidence-based assessments, a software-enabled methodology that helps companies prioritize their business risks and assets, and strategies and tactical plans that align the company’s risk posture and cybersecurity approach with its business objectives.

Moving quickly to stay protected

Swift, efficient, and highly refined processes can stop an incident from starting or escalating. Our incident-simulation tools and threat libraries allow us to run detailed scenarios to surface the issues, capabilities, and plans required to help companies respond to a significant breach in real time.

And by designing those processes using lean practices, businesses reduce errors and lag time and gain the benefit of standardizing and scaling the most effective practices—so risks are detected and mitigated fast.

Protecting customers, and understanding M&A implications

The protection of customer data is paramount. When companies are designing customer experiences, we can help ensure the appropriate authentication and data-privacy elements are built into those processes. In addition, our transaction-support teams can work with businesses to assess the potential value associated with cybersecurity-related mergers, joint ventures, and acquisitions.

Featured experts

Partner, Washington DC

Tucker Bailey

Leader in Cybersecurity, Digital, and Advanced Industries; empowers senior leaders in governments, public-sector organizations,... and private institutions to identify vulnerabilities, assess and build capabilities, and mitigate risk
Partner, New York

James Kaplan

Has deep expertise on how enterprises can benefit from maximizing the use of their infrastructure. In addition, a core member... of the team tackling IT security issues