Posted: 3 Min ReadFeature Stories

Cyber Breach Survivors Welcome: Why Firms Should Hire CISOs with Breach Experience

We’ve avoided talking about it for years but it’s high time for industry professionals to share their insights from overcoming a security breach to help fight a smarter breed of hacker

Let’s face it. No one likes to air their dirty laundry in public, especially if your job is in the area of cyber security. Be that as it may, research suggests that those who acknowledge and learn from their security breaches and share the insights could actually be a benefit to a company – not a liability.

I’d go as far as saying firms are better off hiring a CISO who has experienced an avoidable breach, as opposed to someone who hasn’t. As long as they’re not looking to repeat the same mistakes, there’s a lot to gain from someone who has bounced back from an incident that has occurred on their watch. It changes the way they think, feel and behave. Having already been through the experience, security professionals tend not to be haunted by the stress of regulation, the feeling of burnout, and they are more likely to share their learnings with others.

Insights

In partnership with Dr Chris Brauer, Director of Innovation at Goldsmiths, University of London, Symantec surveyed more than 3,000 cyber security leaders across the UK, France and Germany. Here are some of the things we found:

Cyber security professionals that have experienced an avoidable breach are:  

  • 24% less likely to report feeling ‘burnt out’ 
  • 20% are less likely to feel indifference toward their work 
  • 15% less likely to feel personally responsible for an incident that could have been avoided 
  • 14% less likely to feel ‘set up for failure’ 
  • 14% more likely to share their learning experiences 
  • 14% less likely to think about quitting their job 

You can view the full report here.

From my personal experience, I find that a potential hire at any level that has been through a breach and come out the other side is incredibly valuable. The top levels will learn a lot of crisis management in a real-life situation, leadership and how to keep a team focussed. The rest of the team will benefit both from the experience itself and from watching how their leaders respond (be it the CISO or the CEO). These experiences are ideally rare, but memorable and in my opinion character (and career) forming.

Anyone who wears the ‘been there, done that’ t-shirt is much more equipped and is less afraid of preparing for and managing future security issues. In short, there’s no need to hide previous breaches on your CV – even if you are a CISO.

Learn from Failure

“Failure is simply the opportunity to begin again, this time more intelligently,” said US car supremo Henry Ford. The only problem is, 54% of security leaders in our survey explicitly do not discuss breaches or attacks with peers in the industry. If everyone keeps their breaches secret, no one will ever learn from them. Often, when information is shared in the industry, by the time it’s scrubbed, sanitised and anonymised, it’s of little value.

On the dark web, people aren’t as tight-lipped. Criminals are all too quick to spill the beans in online forums about how they were able to expose vital company data. What the security industry needs is a trusted environment where knowledge transfer can take place for the betterment of all involved. But it also needs a culture that encourages this exchange of best practice.

Practical Steps

After speaking with industry leaders for the Symantec High Alert research, we’ve put together some advice to turn the challenges into opportunities.

Share learnings – Teams should take a more optimistic view of security incidents and learn from the attitudes of the people who have been through them.

Prioritise strategy – A more optimistic response to breaches also means taking a long-term and strategic approach to cyber defence. One of the best ways of doing this is through the adoption of a solution such as Symantec’s Integrated Cyber Defence (ICD) platform.

Discuss insights with peers – Individuals and the industry at large need to devote more attention to improving strategic and operational information sharing – not just tactical threat information.

Support from the top – Company boards must support these efforts and foster a more open learning culture for security teams.

Communicate in person – CISOs and security teams can help themselves, and seize the opportunity for driving positive change, by working closely and collaborating in-person with colleagues after an incident.

You might also enjoy
Expert Perspectives3 Min Read

Got Breached? The Clock Just Started Ticking

It’s urgent to determine the extent of the intrusion and fix it fast. Here’s one case where time really is money

You might also enjoy
Feature Stories3 Min Read

Top Cyber Security Posts Still Lack C-Level Cred

Despite the rise of CISOs and CSOs, top security execs still lack the autonomy and clout given to their C-suite counterparts

About the Author

Darren Thomson

Darren Thomson, CTO and VP of Technology, EMEA

Darren Thomson is CTO and VP of Technology, EMEA, with overall technical responsibility for our strategic propositions,currently responsible for the development and delivery of IT Risk Management, Mobile and Cloud Computing & IoT programs to our major clients.