The Importance of Cybersecurity Leadership
Written by:
University of Tulsa
• Dec 13, 2023
The Importance of Cybersecurity Leadership
The average cost of a single data breach in the United States is about $9.44 million, according to IBM, and Cybersecurity Ventures predicts that cybercrime will cost the world $10.5 trillion by 2025 if current trends continue. Companies are scrambling to protect themselves, and hiring skilled cybersecurity leadership has become a major focus of their strategies in the last several years.
Cybersecurity refers to all the practices and procedures used to combat cybercrime. It involves protecting networks, equipment, and software from malicious attackers to prevent potentially devastating data breaches and downtime. There has never been a greater need for exceptional cybersecurity leadership, and a Master of Science in Cyber Security program can provide professionals with the skills and knowledge required to keep an organization’s data and networks safe from the most sophisticated modern threats.
What Is Cybersecurity Leadership?
Cybersecurity leadership can be defined as an executive, C-level, or management role with the responsibility of protecting an organization’s critical data infrastructure. Just as a chief financial officer is responsible for an organization’s finances and budgeting, a chief information security officer, or CISO, is responsible for keeping an organization’s networks and data secure.
The World Economic Forum (WEF) has highlighted a significant skills gap in the global cybersecurity workforce. In 2022, the WEF reported that the information security workforce — including cybersecurity leaders — needed to expand by 65% to be capable of effectively protecting the world’s data.
The Value of Cybersecurity Leadership
The Colonial Pipeline ransomware attack of May 2021 perfectly illustrates the value of leadership in cybersecurity. The attack forced the pipeline to shut down and cease operations completely, which resulted in gas shortages and huge price spikes that affected consumers for several days. Between the $4.4 million ransom the Colonial Pipeline CEO says he paid the hackers to restore operations and the tens of millions in lost revenue due to the six days the pipeline was closed, the company’s losses were substantial.
The Colonial Pipeline attack is regarded as the first cyberattack to have a measurable effect on American consumers at large. For several weeks leading up to the attack, Colonial Pipeline had been actively searching for a cybersecurity manager to join their ranks. Qualified and educated cybersecurity professionals have never been more valuable, and they impact organizations in several ways.
What Makes an Excellent Cybersecurity Leader?
Effective cybersecurity leadership requires a highly specialized set of skills, the ability to keep up with the latest technologies and trends, and the management capabilities needed to successfully lead a team of professionals. Large companies and organizations employ CISOs to serve at the executive level, while many small and midsized businesses rely on cybersecurity managers to keep their data and networks secure.
Duties, Skills, and Responsibilities
Cybersecurity leadership roles come with numerous duties and responsibilities. Though they vary from one company to the next, they often include the following:
- Developing a cybersecurity culture. Cybersecurity leaders must help develop a culture of shared beliefs and values that influence their companies’ approach to cybersecurity. This may involve emphasizing the importance of protecting and regularly changing passwords, and enforcing data access policies.
- Creating and implementing cybersecurity strategies. Leaders are tasked with designing, implementing, and maintaining cybersecurity strategies from the ground up based on the company’s unique needs.
- Building and maintaining systems to combat threats. Cybersecurity leaders may need to build software and systems to protect specific equipment and data. They may also piece together systems from existing software.
- Keeping up with laws and regulations. Regulations surrounding the collection, storage, and use of different types of data are always changing. A major component of cybersecurity leadership involves monitoring these changes and ensuring that the organization’s policies and systems are in compliance.
- Developing organization-specific risk metrics. Risk metrics are measurable, quantifiable values that can show how well a company is meeting its goals. Examples include time to detect, which measures how long it takes to identify a cyberthreat, and the number of incorrectly configured SSL (secure sockets layer) certificates, which can create vulnerabilities in a network.
- Educating others about cybersecurity. Perhaps the most important part of a cybersecurity leader’s job is educating others about cybersecurity as a whole. Managers and CISOs alike share information with shareholders, other managers, and the information technology (IT) and cybersecurity workforce as a whole to keep them informed.
Qualities and Traits
Aside from the technical skills required to thrive in a cybersecurity leadership role, great leaders possess a range of unique qualities and traits. These include the following:
- Trustworthiness and accountability. Organizations rely on cybersecurity leaders to protect them from threats. As such, these leaders must be viewed as skilled, experienced, and trustworthy. They must take the time to understand business operations in order to build that trust.
- Empathy and understanding. Cybersecurity leaders must be good listeners if they want to transform an organization’s culture to one that takes the need for cybersecurity measures seriously. They must entice both shareholders and IT employees to follow their lead. This involves listening to concerns, empathizing and understanding those concerns, and using that information to lead.
- A visionary mindset. Cybersecurity leaders need to be able to think about and plan for the future. Managing an organization’s cybersecurity is a highly complex responsibility, and creating lasting change can be a slow process. The most successful cybersecurity leaders develop a long-term vision and divide it into attainable short-term goals.
Salary and Job Outlook
The National Institute of Standards and Technology (NIST) reported a global shortage of cybersecurity professionals in 2021, estimating that some 2.72 million additional professionals were needed to meet the country’s cybersecurity needs. The job outlook for cybersecurity leaders is strong, and employment in computer and information technology occupations is expected to grow by 15% between 2021 and 2031, according to the U.S. Bureau of Labor Statistics (BLS).
Though different roles can vary greatly in scope and practice, three of the most common cybersecurity careers in leadership are CISO, security administrator, and cybersecurity manager.
Chief Information Safety Officer
Chief information safety officers (CISOs) are upper-level executives who oversee the cybersecurity functions of an entire company. They create reports for shareholders, lead teams of IT professionals, and make important decisions about the best ways to protect data and networks. CISOs had a median annual salary of about $173,000 as of March 2021, according to Payscale.
Security Administrator
Security administrators are responsible for an organization’s computer systems and networks as they relate to cybersecurity. They may report directly to the company’s CISO, but, in many companies, the security administrator is the highest level manager in the IT department. According to the BLS, network and computer systems administrators, including security administrators, had a median annual salary of $80,600 a year as of May 2021.
Cybersecurity Manager
Whereas CISOs and security administrators are responsible for protecting data and networks against a wide range of threats, cybersecurity managers focus almost exclusively on preventing cybercrime. They may spend their days identifying potential vulnerabilities in networks, overseeing cybersecurity teams, and implementing prevention strategies. Cybersecurity managers had a median annual salary of about $137,500 as of March 2023, according to Payscale.
Discover How You Can Become a Cybersecurity Leader
The need for effective, qualified, and well-educated cybersecurity leadership continues to grow across the globe as more companies work to prevent devastating cyberattacks. As hackers continue to use more sophisticated technologies to penetrate networks, companies rely on their leaders to anticipate and prevent these costly attacks.
Earning an online Master of Science in Cyber Security from The University of Tulsa can provide you with the skills and knowledge you need to thrive in this growing field. Develop your cybersecurity leadership abilities at one of the first 14 institutions ever designated as a Center of Academic Excellence in Information Assurance and Cyber Defense Education.
Recommended Readings
8 Myths About Cybersecurity Careers
8 Reasons Demand for Cybersecurity Professionals Will Keep Rising
4 High-Level Cybersecurity Careers — and How to Prepare for Them
Sources:
BBC, “Colonial Pipeline Boss Confirms $4.4m Ransom Payment”
CEOWorld Magazine, “Revealed: The True Cost of Rising Cyber Attacks”
Cisco, “Cisco 2023 Data Privacy Benchmark Study”
CSO, “Cybersecurity Spending Trends for 2022: Investing in the Future”
Cybersecurity Ventures, “Cybercrime to Cost the World $10.5 Trillion Annually by 2025”
IBM, “Cost of a Data Breach 2022”
National Initiative for Cybersecurity Careers and Studies, Executive Cyber Leadership
National Institute of Standards and Technology, Cybersecurity Workforce Demand
National Security Agency, “2022 Cybersecurity Year in Review”
Payscale, Average Chief Information Security Officer Salary
Payscale, Average Cyber Security Manager Salary
Security Intelligence, “What Leadership Qualities for CISOs Are Most Important in 2020?”
Security Roundtable, “5 Leadership Principles for the Cybersecurity Professional”
U.S. Bureau of Labor Statistics, Computer and Information Systems Managers
U.S. Bureau of Labor Statistics, Computer and Information Technology Occupations
U.S. Bureau of Labor Statistics, Network and Computer Systems Administrators
U.S. Chief Information Officers Council, Guidance for Chief Information Security Officers (CISO)
World Economic Forum, “Can Closing the Cybersecurity Skills Gap Change the World?”