Wanted - A New Generation Of Cyber Security Leaders

Uploaded on 2022-11-09 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

A new report published by leading cyber security firm Savanti, argues that cyber security leadership is broken and is failing to deliver cyber success for businesses. 

The report argues that the combination of home working, which now means there are far more entry points into company networks than before, is significantly increasing the threats from rogue states and criminal groups. Further, there is currently a low management understanding of what companies really need to defend themselves and this has created a ‘perfect storm’ in cyber security.

The report lays bare the rapidly growing threat environment in which attacks from nation-state actors have increased and are now more likely to target private companies than government agencies. 90 per cent of organisations believe they have been targeted by a nation state threat actor, with 39 per cent citing Russia and 44 per cent China.

Globally, cyber crime is predicted to increase by 15 percent per year, reaching more than £12 trillion annually by 2025, which would make it the world’s third-largest economy behind China and the US.

Savanti’s report outlines how low levels of understanding about cyber security amongst company leaders results in isolated, technically-focused approaches that fail to deliver holistic security and risk management.

The report finds that, most crucially, Chief Information Security Officers (CISOs) are hired, managed and evaluated as technical experts rather than business leaders, a skills gap that is leaving companies increasingly vulnerable to cyber threats.

The skills gap is also creating unsustainable job churn. The average tenure is of a CISO is 2.3 years, compared to 6.9 years for a CEO, 4.7 years for a CFO, 4.6 years for a CIO, and the average CEO will cycle through three CISOs in their tenure, stunting the company’s ability to build a long-term strategy.

Analysis of recruitment and cyber investments by Savanti estimates the cost of a bad CISO hire to be at least £7.6 million. The report makes a number of recommendations, including:

  • CISOs should be hired, managed and measured as business leaders rather than technical experts.
  • Recruitment should priotise communication skills for CISOs.
  • Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change.
  • Cyber leaders need to achieve change through influence rather than control.
  • Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy.
  • CISOs should be integrated into all forward-looking aspects of business growth.

Commenting on these findings Richard Brinson, CEO of Savanti, said “Our report is a wake-up call for business leaders to stop treating cybersecurity as a compliance exercise – those days are gone... Businesses simply cannot ‘farm out’ cybersecurity to technical experts without fundamentally changing the way they operate. We need a new model of leadership for the cyber age that unites security and business goals and utilises cybersecurity to enable and grow businesses as well as protect them.”

Recent attacks on NHS supplier software, the Russian attack on Ukrainian military through ViaSat and the historically devastating NotPetya attack that nearly folded the global giant Maersk are just some examples of the damage caused by cyber attacks.

Savanti:

You Might Also Read: 

Under Pressure - Can CISOs Avoid Burnout?:

 

« Cyber Spy Group Uses IIS Web Software to Hack Targets
Black Women Comprise Less Than 1% Of The IT Workforce »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Materna Radar Cyber Security

Materna Radar Cyber Security

Radar Cyber Security is the only European supplier of Managed Detection & Response who provides its services based on inhouse developed technology.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

ColCERT

ColCERT

ColCERT is the national cybersecurity emergency response team of Colombia.

X-PHY

X-PHY

X-PHY is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core.