3 Ways Cybersecurity Leaders Can Prepare for a Breach

June 21, 2022

Contributor: Lori Perri

CISOs worry about major security incidents and believe their tenure at the organization will be threatened should they occur. In reality, however, they are primarily judged by their response to a breach.

In short: 

  • While CISOs may worry that a major cybersecurity breach instantly endangers their job, Gartner research suggests that’s not the case.
  • CISOs are judged by their incident response, not by their ability to prevent breaches from ever occurring.
  • You prove your effectiveness by proactively preparing your organization for a breach, not scrambling to react once a breach occurs.

You may worry that a major security breach threatens your job and be tempted to focus on short-term priorities over longer-term initiatives. In reality, most CISOs experience a major breach during their careers, but they are more often judged on the effectiveness of their incident response than on the fact that the breach occurred.


In the rare case that a CISO is terminated for a breach, it is likely that they had not done the due diligence in their preparation and response plans needed to adequately mitigate harm to the business.

By focusing your time and attention on your preparation and response, you can increase your overall effectiveness and better meet the expectations of your board, CEO and C-suite peers.

“Our research shows that CISOs’ tenure is directly determined by circumstances they can — rather than can’t — control. Embrace this ideal reality and strike a proper balance between both short-term and long-term goals by using proper goal and project portfolio prioritization,” says Josh Murphy, Senior Principal, Research, Gartner.

Why CISOs change jobs after a breach

When a CISO leaves an organization after a major breach, it can be for several reasons, many of which can be career-enhancing. A major breach might cause you to want to work in a new industry or with a new technology. The initial stress of recovering from the breach could also encourage you to reflect on your work-life balance and make professional adjustments to accommodate a more personally sustainable lifestyle.

You should feel secure in your role if you have taken the proper steps to prepare for a major breach. There has never been a time when businesses have valued their CISOs more than they do now.


Three breach-preparedness measures for CISOs

  • Reflect on current prioritization objectives and make security investment decisions that will help achieve personal, functional and business goals.
  • Confirm that incident response plans are approved by management. Review them periodically and test them once a year.
  • Learn from incidents and strengthen future responses.

You are prepared for a breach when you have implemented a response plan that sufficiently mitigates harm to the business. By being mindful of what you can control and focusing on preparation and response, you can heighten your company’s overall security awareness, create opportunities to test and improve response plans, and drive behavior change.
