hero image
Paddy McGuinness - Brunswick Group. London, , GB

Paddy McGuinness

Senior Advisor, London | Brunswick Group


Paddy McGuinness advises on crisis and resilience issues, providing senior counsel to clients on ever-evolving business and political risk.


Answers (3)

How could a cyber attack affect my organization?

View Answer >

Regulatory repercussions. The General Data Protection Regulation took effect in May of 2018. We don’t know yet what fines for the worst offenders will be, but they could amount to 4 percent of global turnover. The regulator could also force companies to suspend business if they aren’t satisfied the proper steps to protect data have been taken.Loss of business. The June 2017 NotPetya attack aimed at the Ukraine caused material sales impacts for a number of global companies. They were simply collateral damage, the result of perhaps even just one user clicking on malicious links. Maersk has used the experience to warn others. They reported $265 million lost sales in a quarter following a 10-day period where the company was reduced to pen and paper while it reinstalled all of its IT systems.Share price impact. Breached companies see immediate share price impact and underperform the market in the long term. An analysis by Comparitech of 28 breaches showed that these companies underperformed the Nasdaq by 4.6 percent over the first 14 days and by 11.35 percent over two years.Lost productivity. Responding to cyber attacks weighs on your company’s performance. Production loss accounts for one-third of a company’s annualized costs due to cyber crime, the 2017 Accenture and Ponemon study found.Executives are collateral damage. Companies that have suffered major breaches, like Yahoo!, Equifax, Target and Uber, often see the resignations of either their CEO, CISO and/or General Counsel.Class action lawsuits. These are not limited to the US. We saw a firm threaten a group action suit against British Airways within days of the September 2018 data breach.

4 ways to prepare against cyber attacks

View Answer >

1. Align your response team. Swift coordination in a pressured situation requires a defined decision maker. The CEO needs to know when that decision-making power should sit with her and how the critical details to inform decisions will be shared. When facing a business unit incident that affects a global customer base and requires international regulatory alerts, that responsibility can get muddled.The smoother the public response, the shorter the public follow-up cycle and scrutiny. That only comes with practice.2. Consider the tough decisions. You want to be able to offer your customers something in response to a potentially protracted disruption. The first debate about exactly what that offer will be should not happen under the pressure of a tight deadline. As with any critical decision that could affect your long-term reputation with customers and employees, understand the likelihood of risks and weigh how you could respond.When would you advise customers of a potential risk? When should you inform the market, given that it may be some time before you have a complete picture? How often should you communicate during the disruption? How will disclosure affect different parts of the business? You have to be prepared to communicate clearly but cautiously and your first communication has to be accurate.How would issues in different regions drive decisions? Global companies must reconcile the different cultural and geopolitical pressures around the level of information expected in each market when hit with a cyber incident. Which of your markets will guide your response strategy? How would you respond to extortion? Does your executive team agree how you would respond to threats of extortion? Would you take a public stance around refusing to pay ransom, and is that more effective in your key markets?3. Get to grips with the potential consequences. With the right questions, you can understand where you are most at risk of a cyber incident. That should inform both how much you put toward mitigation of key risks and how you prepare to respond. If a phishing attack could grant access to sensitive IP critical to your business, extra defenses and training are required.Are those most sensitive systems the first ones your information security team would check at the notice of potential unauthorized access? Do you appreciate the level of complexity involved in understanding what could have been accessed? Where will you need to be prepared to offer compensation and how much?4. Increase your IT security literacy. There is a call to action for boards to increase their understanding of the cyber risks their companies face, and to do that they need to understand their current defenses. This extends to the preparedness of the members of your supply chain. In the case of a cyber incident, the brunt of the blame falls on the victim of the attack – not the perpetrator.

Can you earn a return from managing cyber risk?

View Answer >

Cyber resilience is not just a matter of risk management. Robust preparation across your business should be value enhancing.An informed executive team will demand higher standards from everyone in the business. If it is a theme heard from the top, information security will be echoed across the business making it a message your customers and partners hear too. Employees want to be part of a solution and understand the role they play.Good management appeals to investors. Our survey shows a very positive response to senior executives detailing how they’ve dealt with ongoing cyber threats and strengthened defenses and preparation.Cyber attacks can disrupt business and carry long-term consequences. Hackers work full time to get into your system. Advance planning and company-wide cyber awareness can make their job considerably harder.





loading image


Australian Security Summit 2019 - Paddy McGuinness, Senior Adviser - Brunswick Group How can the UK Government deliver its ambitions for digital connectivity?



Paddy joined Brunswick in November 2018 with extensive experience of crisis management, contingency planning for major risks and public communications around major national security issues, nationally and internationally. Drawing on his expert knowledge of security in its national, regulatory and geo-political context and his own networks, Paddy advises on crisis and resilience issues, providing senior counsel to clients on ever-evolving business and political risk.

Prior to joining Brunswick, Paddy was most recently the UK’s Deputy National Security Adviser, for Intelligence, Security and Resilience where he advised the Prime Minister and National Security Council on policy and decision-making on homeland security issues, including national resilience and crisis response, cyber security, counter-terrorism, and the UK’s response to action by hostile states. In this role Paddy worked with senior UK officials from across government, senior business figures and foreign partners, to build a coalition of common interests that broadened the UK’s national security capabilities and reach. He chaired COBR, on Homeland Security Issues, and led the development of the 2016 National Cyber Security Strategy. He was responsible for the interface between government and business on resilience and national security issues especially as it affects Critical National Infrastructure. He convened the cross-government body on the National Security aspects of Inward Investment. Latterly, he acted as the UK’s Envoy to the US tech sector, the US Administration and Congress on lawful access to data. He was also responsible for the funding, oversight and laws for the UK’s intelligence and security agencies.

Prior to this, Paddy was in the Diplomatic Service with leadership roles in the Middle East and Africa, Counter-Terrorism, Counter-Proliferation, and aspects of Cyber. He served in British Embassies in Rome, Cairo, Abu Dhabi and Sana’a.

Paddy was awarded an Officer of the Order of the British Empire (OBE) in 1997, and a Companion of the Order of St Michael and St George (CMG) in 2014.

Areas of Expertise (7)

Crisis Management

Cyber Security

National Secuirty

UK Politics

UK Business Trends

International Relations

Counter Terrorism

Accomplishments (2)

Companion of the Order of St Michael and St George (CMG)


Officer of the Order of the British Empire (OBE)


Media Appearances (2)

The COVID-19 Crisis is an ESG Issue: Here's What That Means for U.S. Businesses

Triple Pundit  


"Our understanding of what is critical national infrastructure and where we need to invest in our society is changed by these events," said Paddy McGuinness, a London-based senior advisor with Brunswick Group, who previously worked in resilience and security under two successive British Prime Ministers.

view more

PRWeek Brunswick hires former UK government security adviser



McGuinness said: "I am thrilled to join Brunswick and to have the opportunity to bring my experience to bear on clients’ issues in order to make their businesses more resilient in these uncertain times."

view more

Event Appearances (2)

Presentation 'Unconsidered Cyber Realities for Business'

Secure Computing Forum  The RDS Events Centre, Dublin


Cyber realities for Critical National Infrastructure

Australian Security Summit (AuSec 2019)  Hotel Realm Canberra


Articles (3)

Governing for Resilience

| Brunswick Group Perspectives (2020)

We now live with COVID-19. Fewer business leaders are making the mistake of talking about “post-COVID” or “when this is over.” The better of them have factored in COVID-19 related constraints to their medium-term plans and are even thinking about how the world may change in the long-term.

view more

Resilience in the Face of COVID-19

| Brunswick Group Perspectives (2020)

We are all becoming more familiar with this disease than we care to be—and may become yet more so. Still uncertainty remains. It began even with the terminology. Coronavirus is a descriptor, a general term. Under the microscope, the virus has crown-like spikes, hence corona.

view more

The View From Davos

| Brunswick Group Perspectives (2020)

Another year, another Davos. Every year there are meta-themes and subsidiary themes that occupy the global elite in the Congress Centre and the many meetings around town.

view more