Wanted - A New Generation Of Cyber Security Leaders

A new report published by leading cyber security firm Savanti argues that cyber security leadership is broken and is failing to deliver cyber success for businesses.

The report argues that home working, which now means there are far more entry points into company networks than before, is significantly increasing the threats from rogue states and criminal groups. Combined with a low level of management understanding of what companies really need to defend themselves, this has created a ‘perfect storm’ in cyber security.

The report lays bare the rapidly growing threat environment in which attacks from nation-state actors have increased and are now more likely to target private companies than government agencies. 90 per cent of organisations believe they have been targeted by a nation state threat actor, with 39 per cent citing Russia and 44 per cent China.

Globally, cyber crime is predicted to increase by 15 per cent per year, reaching more than £12 trillion annually by 2025, which would make it the world’s third-largest economy behind China and the US.

Savanti’s report outlines how low levels of understanding about cyber security amongst company leaders results in isolated, technically-focused approaches that fail to deliver holistic security and risk management.

The report finds that, most crucially, Chief Information Security Officers (CISOs) are hired, managed and evaluated as technical experts rather than business leaders, a skills gap that is leaving companies increasingly vulnerable to cyber threats.

The skills gap is also creating unsustainable job churn. The average tenure of a CISO is 2.3 years, compared to 6.9 years for a CEO, 4.7 years for a CFO and 4.6 years for a CIO. The average CEO will therefore cycle through three CISOs in their tenure, stunting the company’s ability to build a long-term strategy.

Analysis of recruitment and cyber investments by Savanti estimates the cost of a bad CISO hire to be at least £7.6 million. The report makes a number of recommendations, including:

  • CISOs should be hired, managed and measured as business leaders rather than technical experts.
  • Recruitment should prioritise communication skills for CISOs.
  • Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change.
  • Cyber leaders need to achieve change through influence rather than control.
  • Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy.
  • CISOs should be integrated into all forward-looking aspects of business growth.

Commenting on these findings, Richard Brinson, CEO of Savanti, said: “Our report is a wake-up call for business leaders to stop treating cybersecurity as a compliance exercise – those days are gone... Businesses simply cannot ‘farm out’ cybersecurity to technical experts without fundamentally changing the way they operate. We need a new model of leadership for the cyber age that unites security and business goals and utilises cybersecurity to enable and grow businesses as well as protect them.”

Recent attacks on NHS supplier software, the Russian attack on the Ukrainian military through ViaSat and the historically devastating NotPetya attack that nearly folded the global giant Maersk are just some examples of the damage caused by cyber attacks.
