Blog · 18 Mar 2018

Your cyber security journey: Stage five - ‘True leadership’

Our blog series has finally reached the final stage of the cyber security journey; the place where all organisations should aim to be — ‘True leadership’. Mark Hughes explains what it means.

President, BT Security

The end of a long journey

We’ve come to the end of the cyber security journey. In my previous blogs, I’ve explored the trials and tribulations — as well as the positives — of the previous four stages: ‘Denial’, ‘Worry’, ‘False confidence’ and ‘Hard lessons’.

Not every organisation will have completed the entire journey. Perhaps you dodged Denial and went straight to Worry. But whichever stage you started on, the ending will be the same — achieving what our report called: ‘True leadership’.

What is ‘True leadership’?    

When you reach the True leadership stage of your cyber security journey, you’re bringing all the lessons you learned on the way — and using that experience to reach a new, better way of thinking about cyber security.

Our research found that when organisations reached the True leadership phase, they all showed similar tendencies.


True leaders recognise the fact that the cyber threat is in a constant state of change. And that, to keep up, their organisation needs a security stance that’s both strong and flexible. Strong enough to deal with known threats and flexible enough to bend to meet unknown risks.


The final stage of the journey is where organisations learn that, to be truly secure, they need to work with their peers to create a community, unified against cyber criminals. They need to share security information, in order to receive security information. And they need to remember to do it before an attack — as you can’t build confidence with another organisation when you’re in the midst of dealing with a breach.

Think differently about cyber security

What really sets true leaders apart, is their ability to think differently about cyber security. They don’t see cyber as a separate, isolated risk. They see it for what it is: an integral part of the organisation that is both a potential risk to the entire operation, but equally a possible driver of business success.

The end. Or is it…

If you’re lucky, your organisation will already be at, or at least near, this final stage. If not, don’t panic. Take a look at my previous blogs about the first four stages, and use them to propel your organisation further along the journey.

The question then is: where do we go from here?

Well, I think it’s important to figure out the risk you actually face. That’s why, in my next blog, I’ll look at the three ‘zones of cyber risk’. These zones, identified in our report, will help you figure out exactly which kind of risk your organisation needs to look out for, and how.

So stay tuned.


Related content


Machen Sie Sicherheit zum integralen Bestandteil des Unternehmens


Fünf Schritte, um die Cyber-Abwehr zu perfektionieren

BT image banner
Mehr dazu auf Englisch

Abwehrsysteme auf nationaler Ebene zur Bekämpfung der Cyberkriminalität

Es ist unerlässlich, dass die Nationalstaaten jetzt Maßnahmen gegen die bisher gefährlichsten Bedrohungen ergreifen.

Mehr dazu auf Englisch