Wanted - A New Generation Of Cyber Security Leaders

A new report published by leading cyber security firm Savanti argues that cyber security leadership is broken and is failing to deliver cyber success for businesses.

The report argues that home working, which means there are now far more entry points into company networks than before, is significantly increasing the threat from rogue states and criminal groups. Combined with the currently low management understanding of what companies really need to defend themselves, this has created a ‘perfect storm’ in cyber security.

The report lays bare the rapidly growing threat environment in which attacks from nation-state actors have increased and are now more likely to target private companies than government agencies. 90 per cent of organisations believe they have been targeted by a nation state threat actor, with 39 per cent citing Russia and 44 per cent China.

Globally, cyber crime is predicted to increase by 15 per cent per year, reaching more than £12 trillion annually by 2025, which would make it the world’s third-largest economy behind China and the US.

Savanti’s report outlines how low levels of understanding about cyber security amongst company leaders results in isolated, technically-focused approaches that fail to deliver holistic security and risk management.

The report finds that, most crucially, Chief Information Security Officers (CISOs) are hired, managed and evaluated as technical experts rather than business leaders, a skills gap that is leaving companies increasingly vulnerable to cyber threats.

The skills gap is also creating unsustainable job churn. The average tenure of a CISO is 2.3 years, compared to 6.9 years for a CEO, 4.7 years for a CFO and 4.6 years for a CIO, and the average CEO will cycle through three CISOs in their tenure, stunting the company’s ability to build a long-term strategy.

Analysis of recruitment and cyber investments by Savanti estimates the cost of a bad CISO hire to be at least £7.6 million. The report makes a number of recommendations, including:

  • CISOs should be hired, managed and measured as business leaders rather than technical experts.
  • Recruitment should prioritise communication skills for CISOs.
  • Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change.
  • Cyber leaders need to achieve change through influence rather than control.
  • Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy.
  • CISOs should be integrated into all forward-looking aspects of business growth.

Commenting on these findings Richard Brinson, CEO of Savanti, said “Our report is a wake-up call for business leaders to stop treating cybersecurity as a compliance exercise – those days are gone... Businesses simply cannot ‘farm out’ cybersecurity to technical experts without fundamentally changing the way they operate. We need a new model of leadership for the cyber age that unites security and business goals and utilises cybersecurity to enable and grow businesses as well as protect them.”

Recent attacks on NHS supplier software, the Russian attack on the Ukrainian military through ViaSat and the historically devastating NotPetya attack that nearly folded the global giant Maersk are just some examples of the damage caused by cyber attacks.
