BCG appoints Paul O'Rourke as global cybersecurity leader

09 December 2020 2 min. read
More news on

Global consulting giant Boston Consulting Group has named Paul O’Rourke as head of its global Cybersecurity practice.

The Melbourne-based partner and managing director has been hired externally, bringing with him two decades of experience in consulting, technology and banking to the firm. Prior to joining Boston Consulting Group, O’Rourke was the global head of cyber security at Big Four professional services firm PwC

His previous roles have included being the Asia Pacific head of cyber security services at EY and Accenture, as well as being the Chief Information Security Officer at ANZ Bank. 

Paul O'Rourke, Global Cybersecurity Leader, BCG

O’Rourke specialises in cyber risk strategy and cyber incident response for boards and the C-suite, and outside of his professional work, he is a frequent media contributor and spokesperson on cyber risk trends and incidents, and a lecturer at INSEAD on cyber risk management. 

At Boston Consulting Group (BCG), O’Rourke is a leader in the firm’s Digital BCG center, Technology Advantage practice and BCG Platinion, a subsidiary of BCG that specialises in technology implementation. In the role of Global Cybersecurity Leader, he leads a team of more than 400 professionals operating from 80+ offices globally.

Commenting on his new challenge in AFR, O'Rourke unpacked on how his new employer views cybersecurity challenges. One of BCG’s main principles is that cyber risk no longer is the responsibility of just the technology department, but in light of the rapidly digitising environment, now much more a “strategic enterprise risk issue”, he said.

This means that “boards and senior executives need to take more responsibility for cyber security risks, rather than throwing money at the problem and leaving it to their technology departments to handle.”

O'Rourke added that at BCG, it is in the firm’s DNA to take a strategic perspective to topics, in sync with an understanding of the technology aspects. In the case of cyber engagements, the firm works with company leadership to assess which areas of the business are at risk, and then take an “evidence-based cyber strategy approach” to pinpoint where investments are most needed and make most sense.