Establishing Cybersecurity Leadership

All too often, when executive staff gathers in the C-suite to consider agenda items like “business strategy” or “business leadership,” many still fail to consider the vital role cybersecurity must play to ensure their company’s continued success.

Admittedly, that’s a rather dry introduction to a very serious and potentially very costly problem.

Not convinced? Consider these statistics:

  • In 2018, the average cyber breach cost companies over $3.8 million. This is an increase of more than 6% from 2017.
  • The average cost of one stolen record was nearly $150, a 5% increase from 2017.
  • Cyber breaches now number in the thousands. Just 945 breaches in 2018 resulted in 4.5 billion private data records being made available to the dark web and the public.

It’s no longer a question of “if” your company will be hacked, but “when.”

However, while a cyberattack may be all but unavoidable, there are things you can do to minimize the immediate damage and the after-effects.

Strong Cybersecurity Requires Strong Leadership

People in the boardroom and C-suite must first recognize that valuing cybersecurity begins at the top.

Hiring the right Chief Information Security Officer (CISO) is, of course, critical. Typically, these sorts of jobs go to the candidate with the greatest technical skills, but cybersecurity leaders first need to be strong advocates for their mission, able to build solid relationships throughout the company and get buy-in from every department head (“a chain is only as strong…”). These are all so-called “soft skills” that are not typically valued in what too many still consider a glorified IT position.

Additionally, company leaders need to thoroughly understand:

  • How the company approaches cybersecurity
  • How able the company is to weather a cyberattack
  • How different types of cyberattacks can each affect the company differently
  • What the policies are after an attack or breach

Strong Cybersecurity Is Not “Just an IT Problem”

Starting at the top and going all the way down to the newest hire, everyone must be clear that security is a company-wide concern.

Security strategies need to focus not just on keeping bad actors out, but also on prioritizing what information is most critical (R&D, customer information, financial information, etc.). Priorities include how to maintain a company’s infrastructure—and keep the company open for business—in the event of an attack, how to respond to government regulators, and much more.

One-size-fits-all cyber strategies don’t exist except in the minds of the most naive leaders.

A one-size-fits-all approach to cybersecurity isn’t effective.

Strong Cybersecurity Is About Keeping the Public’s Trust

More than just keeping your company’s information safe, cybersecurity is also about what to do after you’ve been hacked.

Keeping the public’s trust after a hack is potentially even more important than the actual data.

Company leaders must respond calmly and with as much candor as possible. They’ll need to explain what happened, what the company is doing in response to the attack, and what steps will be put in place to ensure it doesn’t happen again.


Cybersecurity leadership isn’t just about hiring techs and allocating budgets. It can be the difference between a devastating loss of income—or even shutting down entirely—and weathering a cyberattack and coming out of it wiser and more secure than before.