As heads of governments and business leaders gather in Davos to agree how best to achieve cooperation in a fragmented world, NCC Group’s chief executive, Mike Maddison, explains how we lead the way in promoting a whole of society approach that addresses the increasingly complex nature of cyber threats, mitigates the risk to companies, governments and societies around the world, and drives the innovation we need to succeed in a digital first future.
Transcript
Rosanna Lockwood: This year's World Economic Forum is meeting under the theme cooperation and a Fragmented World. UK headquartered NCC Group is an industry leader in cyber security and escrow services, and they say that cooperation is key to staying ahead of adversaries and threats.
Rosanna Lockwood: I'm Rosanna Lockwood and I'm in Davos, where I sat down with NCC Group's CEO to find out how they're putting this into practice.
Rosanna Lockwood: Mike Maddison, CEO of NCC Group, It's fantastic to have you here with us in beautiful Davos, Switzerland.
Mike Maddison: Thank you very much.
Rosanna Lockwood: What does it feel like coming over from the UK and Europe, talking about your company?
Mike Maddison: It's really exciting. And it's the first time in Davos and apart from the weather, it's it's really, really good.
Rosanna Lockwood: Yeah. Sorry about that. We arrived a week ago. It was sunny, but at least you've got snow this time, which is a nice thing. Now, cyber, cybersecurity, this is the kind of the realm that you're operating in. We want to have a discussion about the threat landscape, about what's going on in the world, where your business fits in.
Rosanna Lockwood: But first of all, just for the uninitiated, give us a sense of what NCC group actually does.
Mike Maddison: So NCC Group is a provider of cybersecurity services globally. We help our clients with the end to end issue of cyber risks, whether that's from a consulting perspective, whether it's from the design implement or operator of the security environment, because I think we recognise that our C-suite clients have concerns, they need confidence and we're able to help them with that.
Rosanna Lockwood: I just want to get a sense of what NCC Group looks like as an international company mentioned that international presence where are you based and sort of what size are you?
Mike Maddison: So we are a £300 million FTSE 250 listed technology company. We are headquartered in Manchester, so we are we do have a northern England footprint, but our business is based around North America, a significant footprint in obviously the UK and Western Europe and also in Asia-Pac. So we do have a considerable global footprint and global presence, which is why we serve so many international clients.
Rosanna Lockwood: Okay, it sounds straightforward enough. Talk to us about the formation of the company. Always find this interesting in the cyber security space because it's a fairly somewhat in nascent, somewhat established sort of industry. It's quite a crowded landscape. So what was the origin of NCC?
Mike Maddison: Well, it's fascinating. I've been in the security industry for far too long to mention, and NCC, quite unusually, has a very long pedigree. It actually started way back in the sixties as part of the UK government's initiative into the new computer landscape. So it has evolved throughout the entire history of this technology. IT security challenges on cybersecurity is obviously the latest iteration of that.
Mike Maddison: So we've got a very long and quite a quite established pedigree around cybersecurity. And as a result, we work very closely with our public sector and government clients on a lot of the policy side of things. So it's a it's a very dynamic, high level, innovative and passionate about our purpose.
Rosanna Lockwood: I'm just want to talk a bit more about that sort of threat level and the landscape that you've seen. You've mentioned you've been in the security industry for longer than you can remember, but what have you seen evolving during that time?
Mike Maddison: I think the main observation I'd have about cyber security or information security and any of the sort of the technology related risks is historically it was very much a technical domain and it was a concern of the technical functions. What I think we've seen as digitalisation has become ubiquitous. It's in every aspect of our lives. The risk and the threat has obviously increased and therefore the concern of, if you like, the C-suite senior executives, governments, has equally focussed on cybersecurity.
Mike Maddison: So we're seeing that that our engagement has moved from very much a technical focus to actually how do we solve a fundamental business risk, which is arguably the defining risk of the digital age, which is cybersecurity.
Rosanna Lockwood: So you've given us a really good overview of the origins of NCC Group and the types of work you're doing now that you're offering. But I'm interested to know almost from the client offering perspective how your market sells out differently. Cyber is obviously quite a crowded landscape, so what what is NCC doing that's really sort of pushing it ahead?
Mike Maddison: It's a great question. I think by the nature of its pedigree, NCC group has a breadth and depth of skills, which is really quite unique in the marketplace and as I say, I've been in this industry a long time and it really is quite fundamental to our success and the passion of our individuals that we've got within the organisation.
Mike Maddison: But what I think we're able to bring to clients, which is really very different, is probably around our ability to provide insights from our global client footprint and our global operations. We're able to bring the intelligence that we see from working with organisations. And what about the threats? And we invest very heavily in understanding those perspectives. And we have a phenomenal research team who work very closely with a number of agencies to identify really insightful components to that intelligence.
Mike Maddison: And the final piece is innovation. We've got great people who are really involved in their domains who are able to bring great capabilities to clients and work with clients to actually find solutions to their problems.
Rosanna Lockwood: You've given us a sense of this sort of evolving threat landscape you've seen throughout your career today, and obviously the future could hold sort of limitless potential in terms of threats. Hence why companies like yours exist. But when it comes to dealing with threats, talk to us about what you've noted in the way that governments, public sectors, societies sort of work together to to confront those threats.
Rosanna Lockwood: Are you reassured by what you see?
Mike Maddison: I mean, this is this is a fascinating area. And I think the way you phrase that phrase, that is is absolutely spot on. It is a whole of society response. Technology is ubiquitous. Now. These issues affect everybody, whether it's in a professional environment, whether it's in the domestic environment, it's whether it's the government and how they outreach their citizens.
Mike Maddison: So it is absolute fundamental that any response to cyber risks and cyber threat is encompasses all of those domains. And we work very closely with policymakers as legislators to actually look at how they bring all of those components together. I'm very proud, for example, how we almost convene a number of those those parties to actually bring the very best of the thinking to actually provide that input.
Rosanna Lockwood: Are glad you brought up cooperation because we're sitting here in lovely Davos, Switzerland, where the World Economic Forum takes place on an annual basis this year. World leaders meeting under the theme of cooperation in a fragmented world, trying to address global issues. These global leaders coming together to stop what they're calling a decade of inactivity. So looking ahead to a decade, the next decade potentially in cybersecurity, what do you think is going to lead the charge in terms of the work that you do at NCC group?
Rosanna Lockwood: Are you most guided by what's happening in the threat landscape or is it more to do with the innovation side?
Mike Maddison: It's both. I think you can't decouple the two. So the changing risks and threats organisations, the public sector citizens face around this topic mean that there is such a pace of change. Technology is also driving change. There needs to be a degree of cooperation just to be able to tackle them. By the nature of the threat, which again is international, whether it's nation state, geopolitical driven or whether it's criminals, they operate internationally.
Mike Maddison: So you have to be able to cooperate across border. What we are very keen to see and I think the evidence suggests there have been a far greater degree of cooperation now than ever before between governments around this topic. And I think we're very keen to see that continue. And certainly if you then take that to the private sector because of hugely complex ecosystems, supply chains, they need that degree of cooperation as well.
Mike Maddison: And we work very closely with clients trying to understand the implications throughout their they're very broad ecosystems. So I think that cooperation is absolutely fundamental. And I think the trajectory is very good.
Rosanna Lockwood: On the client side, what is I know it's difficult as you work with such a huge range of clients, but if you could sort of talk about some of the biggest oversights people make when it comes to cybersecurity at board level, what should they be considering?
Mike Maddison: So that's is a very tricky question. So I would always start with actually doing the fundamentals. Right now many organisations are large, complex. I mentioned the ecosystem, the supply chains actually getting a handle on the extent to which they face cyber risk and addressing it, but admitting to the risk in the first instance, getting an understanding of the extent of the risk and then prioritising the right level of response to that risk, that's one of the first fundamental steps.
Mike Maddison: The second is being able to get the right skill sets and the right insights to be able to address the technical challenges that they face. And we all know there is a huge lack of the skills in the marketplace to be able to do that.
Rosanna Lockwood: You reassured by the talent that's out there in the locations that you operate in, that you do, you can find the right type of talent to keep evolving with the evolving threat landscape.
Mike Maddison: There is there is a significant lack of talent in the marketplace. And we've been talking about this for years. One of the things I'm very, very proud of NCC being able to do is actually to take and nurture the talent to build it, which has been hugely successful for us. So I'm confident a glass half full sort of individual.
Mike Maddison: So I'm very confident that we can get the talent, but I think investing is fundamental to that. So the talent is there, the talent is definitely available, but we have to look at it in a slightly different way to maybe way how we've done it before. So we have to consider the diversity and inclusion component of that. And I think that looking far broader than where we have done traditionally, I think is going to be fundamental in neurodiversity.
Mike Maddison: We've invested significantly in individuals to be able to play a very full role in in delivering service to our clients.
Rosanna Lockwood: Really interesting to get your insights across not only the way your company operates, but the way that the cybersecurity landscape is evolving and also how your sector is evolving with it. It's been great talking to you here. Davos, Switzerland, Mike Maddison, CEO of NCC Group.
Mike Maddison: Thank you. Very much.