The Evolving Landscape of Cyber Security Leadership in India

Attributed to Sundar Balasubramanian, India and SAARC MD, Check Point Software Technologies

In today’s rapidly evolving digital landscape, India has become a prime target for cyber threats. According to Check Point Software’s Threat Intelligence Report, organizations in India are attacked an average of 3,244 times per week over the last six months, starkly contrasting with the global average of 1,657 attacks per organization. As businesses scramble to protect their data and networks, distinguishing between true cyber security leaders and imitators is crucial. For organizations in India, recognizing these differences can mean the difference between robust security and potential vulnerability.

The Changing Definition of Leadership

Cyber attacks are no longer a question of ‘if’ but ‘when,’ underscoring the necessity and critical nature of cyber security roles. While some professions, such as administration and creative fields, may struggle under the weight of AI advancements, high-quality cyber security professionals retain their value. Even the most advanced AI strategies, such as real-time threat detection and response, cannot match the adaptability and moral compass of a strong cyber security leader.

Fifteen years ago, it would have been surprising to see soft skills like ‘attention to detail,’ ‘creative problem solving,’ and ‘clear communication’ included in a Chief Information Security Officer (CISO) job description. The traditional profile of a cyber security leader—siloed from senior management and often viewed as a necessary evil begging for budget—has become a distant memory. Fast forward to 2024, and cyber security leaders now hold a seat at the high table as trusted business insiders, valued advisors, and catalysts for long-term change and strategy.

A recent Gartner survey revealed that 77% of top-performing CISOs take the initiative to discuss evolving norms to stay ahead of threats, highlighting the importance of continuous improvement and adaptability in this fast-paced industry.

The Role of the Tag-along: A Valuable Supporter or Your Organization’s Weakest Link?

Cyber security professionals wear various hats, and the term ‘tag-along’ might not accurately describe those who contribute significantly behind the scenes. These individuals may conduct penetration tests, monitor network access permissions, and perform audits to enhance the organization’s security posture. In this context, tag-alongs are not merely following; they are integral to the organization’s security framework.

However, cyber security is no longer a purely technical discipline. It is a misconception that security is irrelevant to those without coding skills or software knowledge. Ideally, every employee in an organization should be a cyber security tag-along. If everyone is pulling their weight, the concept of a tag-along becomes obsolete.

Indian enterprises are currently grappling with a critical shortage of cyber security experts, ranking second globally in this workforce deficit. According to TeamLease, as of May 2023, there are over 40,000 unfilled cyber security positions in India, with an estimated need for approximately 800,000 professionals. This shortage has surged sevenfold over the past year, exacerbated by the relentless nature of evolving threats and significant burnout among skilled professionals.

Training initiatives, such as phishing simulations and data privacy awareness programs, can help minimize easily avoidable human errors, particularly among non-technical employees. This raises an important question: What makes a worthy leader? Is it the individual who can successfully lead cyber security teams, or is it the one who fosters a culture of confidence, competence, and cyber security awareness across the organization?

Who Will Call the Shots Five Years From Now?

According to Gartner, effective cyber security leadership is not solely about technical ability. The CISO Effectiveness Diagnostic outlines four essential skill categories for great leaders: Executive Influencer, Future-risk Manager, Workforce Architect, and Stress Navigator.

When a real-life attack scenario unfolds, technical education alone cannot prepare individuals for the crisis. In such moments, only the most clear-headed leaders can steer the organization to safety. While cyber security professionals will spring into action, a cyber security leader must act as the crisis mitigation expert, effectively communicating with boards and senior management.

However, the elephant in the room is the potential lack of personnel to maintain security operations. Cyber security skills gaps and talent shortages impact 71% of organizations, with 54% believing the situation is worsening.

The Future of Cyber Security Leadership

Cyber security is undoubtedly a challenging field. A staggering 77% of CISOs report that their job affects their physical health, indicating that the role cannot be sustained in its current state. As we look to the future, it is essential to eliminate the notion that cyber security is solely a top-down requirement. Instead, the responsibility should be shared among all employees. While the CISO may call the shots, they should not bear the entire burden of stress.

In conclusion, as the cyber threat landscape continues to evolve, so too must the approach to cyber security leadership. By fostering a culture of shared responsibility and continuous improvement, organizations can better prepare themselves to face the challenges ahead. The future of cyber security in India depends on recognizing the value of every individual in the organization and empowering them to contribute to a robust security posture.