The Cybersecurity Spiral of Failure (and How to Break Out of It)

Trust between CISOs and senior executives is the only platform on which successful transformative efforts can be built around cyber security.

For the past two decades, many organizations have been trapped in a spiral of failure around cybersecurity, driven by endemic business short-termism and the box-ticking culture of many executives around compliance.

Cybersecurity is a complex matter that needs to reach a long way out of its native technical niche, towards business and support functions, and across geographies.

Successful transformation in that space takes time because of the need to reach across those, and effectively embed secure practices across the culture of the firm.

In real-life, many senior executives struggle with a genuine long-term view. “In the long-term we are all dead” and many CISOs coming up with multi-year transformative plans would have been forced by their bosses to focus tactically on alleged quick-wins and compliance box-ticking measures to get their plans accepted, before seeing their initiatives deprioritized at the first sign of any business development (merger, acquisition, arrival or departure of senior executives, economic downturn or…