As one of the Pell Center’s new adjunct fellows for cybersecurity, Paul McGreevy is ready to bring his expertise to the Rhode Island Corporate Cybersecurity Initiative.
McGreevy has spent more than 14 years as a senior management and IT consultant with KPMG LLP, BearingPoint Inc. and Deloitte Consulting LLP, where he specialized in business strategic planning, organizational development and technology architecture for federal agencies. He also served as director of the Department of Business Regulation from 2011-2015, serving statutorily as the state banking commissioner, commissioner of insurance, real estate administrator and state boxing commissioner.
Through your experience in technology consulting and government, you’ve cultivated proficiency in strategic planning, business development and, above all, a strong understanding of both the private and public sectors. Why should companies, especially private financial institutions, care about cybersecurity and data protection?
As cyber attacks of all varieties become more prevalent, the bottom line of companies will be more impacted. This may be through actual financial theft, loss of intellectual property and reputation, and/or exposure to legal liability, either civil or criminal. This last impact may be the most significant in the coming years as privacy concerns generate shareholder and customer law suits.
How have you seen the response to cyber threats evolve in the financial industry over the past decade?
In the recent past, losses from cyber attacks were seen as a cost of doing business. However, as these known costs go up combined with the unknown legal risks, there appears to be a growing awareness and acceptance that cyber risk needs to be managed as a business problem, not just a technical one.
In the past few years, companies have also added new C-level roles—Chief Digital Officer (CDO) and Chief Information Security Officer (CISO). For companies who do have CDOs and CISOs, do you think they have been successful in preventing or at least mitigating cyber incidents vs. companies without CDOs and CISOs?
The key factor is not the title or adding another box to the organization chart, but what authority these positions have and their relationship with the other C-level roles – and the Board of Directors for public companies. If they are truly part of the leadership team and business decisions, then they can be more successful.
What can be done to encourage more companies and organizations to understand the importance of a strong cybersecurity position within their organization and to invest in best cybersecurity practices?
The biggest impact can be achieved by making the leadership more aware of the nature of the threat, and that it is evolving rapidly, and their central role in mitigating the effects. The Pell Center is positioned to help in this dialog. This is the critical role the Pell Center is playing today.
You actively reached out to Francesca Spidalieri, the Pell Center’s Senior Fellow for Cybersecurity Leadership, to become more involved with the Center. How did you identify the Pell Center as a leader in cybersecurity research and as a leading facilitator of public-private partnerships, information-sharing efforts, and cybersecurity education/training in the state?
As a former director of a state regulatory agency of financial institutions, I recognized we needed help in defining and addressing this issue from a top-down, leadership perspective as opposed to a purely technical one. The Pell Center is perfectly positioned to assist in this way. They assisted our agency with awareness training and facilitating cross agency discussions involving legislation, policy development, table-top planning exercises and even intern support. I hope I am able as an adjunct fellow at the Pell Center to further develop partnerships with both government and private entities in order to increase our economy’s ability to address the cyber threat.
Beyond mitigating cyber threats, what are other pressing economic challenges our elected officials will have to face?
I believe there is an economic opportunity in the world of cybersecurity challenges in which we find ourselves. In addition to the direct business opportunities for firms that can assist in mitigating the threat, general economic growth can be facilitated by the local, state, or national economy that can create the business climate that fosters a proactive view of cybersecurity. This economy will attract business and encourage start-ups that seek a safer environment than might be available elsewhere. This will be true for small as well as large businesses since as the nature of the threat multiplies all types of companies may be targets.