Wanted - A New Generation Of Cyber Security Leaders

Uploaded on 2022-11-09 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

A new report published by leading cyber security firm Savanti, argues that cyber security leadership is broken and is failing to deliver cyber success for businesses. 

The report argues that the combination of home working, which now means there are far more entry points into company networks than before, is significantly increasing the threats from rogue states and criminal groups. Further, there is currently a low management understanding of what companies really need to defend themselves and this has created a ‘perfect storm’ in cyber security.

The report lays bare the rapidly growing threat environment in which attacks from nation-state actors have increased and are now more likely to target private companies than government agencies. 90 per cent of organisations believe they have been targeted by a nation state threat actor, with 39 per cent citing Russia and 44 per cent China.

Globally, cyber crime is predicted to increase by 15 percent per year, reaching more than £12 trillion annually by 2025, which would make it the world’s third-largest economy behind China and the US.

Savanti’s report outlines how low levels of understanding about cyber security amongst company leaders results in isolated, technically-focused approaches that fail to deliver holistic security and risk management.

The report finds that, most crucially, Chief Information Security Officers (CISOs) are hired, managed and evaluated as technical experts rather than business leaders, a skills gap that is leaving companies increasingly vulnerable to cyber threats.

The skills gap is also creating unsustainable job churn. The average tenure is of a CISO is 2.3 years, compared to 6.9 years for a CEO, 4.7 years for a CFO, 4.6 years for a CIO, and the average CEO will cycle through three CISOs in their tenure, stunting the company’s ability to build a long-term strategy.

Analysis of recruitment and cyber investments by Savanti estimates the cost of a bad CISO hire to be at least £7.6 million. The report makes a number of recommendations, including:

  • CISOs should be hired, managed and measured as business leaders rather than technical experts.
  • Recruitment should priotise communication skills for CISOs.
  • Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change.
  • Cyber leaders need to achieve change through influence rather than control.
  • Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy.
  • CISOs should be integrated into all forward-looking aspects of business growth.

Commenting on these findings Richard Brinson, CEO of Savanti, said “Our report is a wake-up call for business leaders to stop treating cybersecurity as a compliance exercise – those days are gone... Businesses simply cannot ‘farm out’ cybersecurity to technical experts without fundamentally changing the way they operate. We need a new model of leadership for the cyber age that unites security and business goals and utilises cybersecurity to enable and grow businesses as well as protect them.”

Recent attacks on NHS supplier software, the Russian attack on Ukrainian military through ViaSat and the historically devastating NotPetya attack that nearly folded the global giant Maersk are just some examples of the damage caused by cyber attacks.

Savanti:

You Might Also Read: 

Under Pressure - Can CISOs Avoid Burnout?:

 

« Cyber Spy Group Uses IIS Web Software to Hack Targets
Black Women Comprise Less Than 1% Of The IT Workforce »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

CyberPoint

CyberPoint

CyberPoint delivers innovative, leading-edge cyber security products, solutions, and services to customers worldwide.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

ITRenew

ITRenew

ITRenew is a leading global IT lifecycle management solutions company, specializing in onsite data center decommissioning and data erasure services.

Strategic Cyber Ventures (SCV)

Strategic Cyber Ventures (SCV)

SCV grow cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.

Stratosphere Networks

Stratosphere Networks

Stratosphere Networks offer managed cybersecurity services rooted in Managed Detection and Response and Security Operations Center services that our team can tailor to meet your needs.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.