Ever been hacked at home? Cybersecurity’s four big challenges in the remote-work era.

Cybercrime and punishment ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ 

 ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ .

Cybersecurity challenges The news • Zero trust. Who should you trust? In cybersecurity, the right answer increasingly appears to be “no one.” Many organizations are switching to “zero trust” security methods, which require that every user and device is verified continuously. With more data being stored in the cloud and millions of remote workers logging on from home, securing critical data is becoming even more important. The zero-trust security sector is projected to reach $51.6 billion in 2026, compared with $19.6 billion in 2020. [CNBC] • To err is human. Nearly 90% of data breaches occur when an employee makes a mistake. Cybersecurity isn’t just a problem to be relegated to IT: the whole organization must safeguard the company against cyberattacks. Boards of directors have a key role to play. Board members don’t need to become cybersecurity experts, but they should be knowledgeable about cyberthreats. At board meetings, it’s crucial to ask and answer questions about cybersecurity—including how the company detects breaches and how it plans to respond after an incident. [HBR] Organizations struggle with understanding how to measure the return or value of a dollar spent on cybersecurity, as well as how to communicate its value to stakeholders. Our insights • Visibility gaps. Cybercriminals are bombarding remote workers with an array of threats. For example, spear-phishing attacks—when hackers pose as a trusted contact to steal confidential data—have increased by nearly seven times since the start of the COVID-19 pandemic, according to a McKinsey survey. But even though cyberattacks are spiking, cybersecurity providers often don’t have the visibility they need into the digital infrastructure to recognize when, where, or why there is a problem. • Millions of vacant jobs. More than three million cybersecurity jobs remained unfilled in 2021, and that massive shortage of talent is affecting both clients and providers. Although technologies like AI and machine learning are helping to analyze threats, those technologies are only a supplement to the essential work of security analysts. See the four challenges that remain unsolved for providers of cybersecurity services and suggestions for how to address them. — Edited by Belinda Yu    Confront cyber challenges Was this forwarded to you? Sign up here. Or send us feedback — we’d love to hear from you. Follow our thinking This email contains information about McKinsey’s research, insights, services, or events. By opening our emails or clicking on links, you agree to our use of cookies and web tracking technology. For more information on how we use and protect your information, please review our privacy policy. You received this email because you subscribed to the On Point newsletter. Manage subscriptions | Unsubscribe Copyright © 2022 | McKinsey & Company, 3 World Trade Center, 175 Greenwich Street, New York, NY 10007