There's no hacking in baseball!

What on Earth were they thinking? Last week brought the dumbfounding, head-scratching news that members of the St. Louis Cardinals front office are under investigation for hacking into a Houston Astros database chock full of proprietary information, including stats, salary records, and scouting reports. Granted, it wasn’t the world’s most sophisticated hack (Pro tip: If you leave your employer for a competitor, get yourself a new password!), but it is striking for being the first known instance of corporate espionage in the history of American professional sports. And it puts the Astros alongside Target and Sony Pictures on an ever-growing list of organizations of all stripes that have felt the embarrassing and costly sting of cybercrime. As Yogi Barra would say, it’s like déjà vu all over again.   While distressing for baseball fans (and movie execs and Target customers, to name but a few), the increasingly common headlines about hacking disasters have proven rather good news for US consultants. For this growing worry about cybercrime is a major factor in the phenomenal growth we've seen in risk consulting over the last year. One of the consultants we spoke with in the course of researching our brand new report on the $50.5bn US consulting market mused that he never thought he'd see the day "that risk could be sexier than strategy."  But it seems that day has arrived, with some consultants telling us their risk practices have grown by as much as 300% in the last year. True, risk comes in many forms, and much of the work here is still of the more traditional, commoditized variety, but that's not where the big growth is happening. With hackers making headlines and the trend toward digitization leaving businesses increasingly vulnerable to cyberattack, consultants here are enjoying exceptional opportunities to not only grow their area of the business but to expand into higher-value work than they may have been doing in recent years.  While organizations may consider traditional risk management to be mere housekeeping and a cost to be endured, cybersecurity is proving to be the kind of vital, strategically important stuff that boards get excited about.  The solutions here are customized, not commoditized, and organizations will pay top-dollar to see this work done well. So the Cardinals may be a lot better at baseball than they are at espionage, but not all cybercriminals can be trusted to prove as bumbling. Organizations anxious to keep their secrets to themselves are eagerly calling consultants in from the bullpen.  And the once un-cool risk consultant is moving from the bench to MVP.