‘Perfect storm’ in cybersecurity demands new generation of cyber leaders

A new report published by Savanti, argues that cybersecurity leadership is broken and failing to deliver cyber success for businesses.

  • 2 years ago Posted in

The report argues that the combination of home working (which now means there are far more entry points into company networks than before), ballooning threats from rogue states and criminal groups, and low understanding of what companies actually need to defend themselves has created a ‘perfect storm’ in cybersecurity.

The report lays bare the rapidly growing threat environment in which attacks from nation-state actors have increased and are now more likely to target private companies than government agencies. 90 per cent of organisations believe they have been targeted by a nation state threat actor, with 39 per cent citing Russia and 44 per cent China.

Globally, cybercrime is predicted to increase by 15 percent per year, reaching more than £12 trillion annually by 2025 – which would make it the world’s third-largest economy behind China and the US.

Savanti’s report outlines how low levels of understanding about cybersecurity amongst company leaders results in isolated, technically-focused approaches that fail to deliver holistic security and risk management.

The report finds that, most crucially, Chief Information Security Officers (CISOs) are hired, managed and evaluated as technical experts rather than business leaders – a skills gap that is leaving companies increasingly vulnerable to cyber threats.

The skills gap is also creating unsustainable job churn. The average tenure is of a CISO is 2.3 years – compared to 6.9 years for a CEO, 4.7 years for a CFO, 4.6 years for a CIO – and the average CEO will cycle through three CISOs in their tenure, stunting the company’s ability to build a long-term strategy. Analysis of recruitment and cyber investments by Savanti estimates the cost of a bad CISO hire to be at least £7.6 million.

The report recommends a number of recommendations, including:

CISOs should be hired, managed and measured as business leaders rather than technical experts;

Recruitment should priotise communication skills for CISOs;

Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change;

Cyber leaders need to achieve change through influence rather than control;

Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy;

CISOs should be integrated into all forward-looking aspects of business growth.

Richard Brinson, CEO of Savanti, said:

“Our report is a wake-up call for business leaders to stop treating cybersecurity as a compliance exercise – those days are gone.

“Businesses simply cannot ‘farm out’ cybersecurity to technical experts without fundamentally changing the way they operate.

“We need a new model of leadership for the cyber age that unites security and business goals and utilises cybersecurity to enable and grow businesses as well as protect them.”

Recent attacks on NHS supplier software, the Russian attack on Ukrainian military through ViaSat and the historically devastating NotPetya attack that nearly folded the global giant Maersk are just some examples of the damage wrought by cyberattacks.


Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...