Blog · 19 Mar 2018

Your cyber security journey: Stage five - ‘True leadership’

Our blog series has finally reached the final stage of the cyber security journey; the place where all organisations should aim to be — ‘True leadership’. Mark Hughes explains what it means.

President, BT Security

The end of a long journey

We’ve come to the end of the cyber security journey. In my previous blogs, I’ve explored the trials and tribulations — as well as the positives — of the previous four stages: ‘Denial’, ‘Worry’, ‘False confidence’ and ‘Hard lessons’.

Not every organisation will have completed the entire journey. Perhaps you dodged Denial and went straight to Worry. But whichever stage you started on, the ending will be the same — achieving what our report called: ‘True leadership’.

What is ‘True leadership’?    

When you reach the True leadership stage of your cyber security journey, you’re bringing all the lessons you learned on the way — and using that experience to reach a new, better way of thinking about cyber security.

Our research found that when organisations reached the True leadership phase, they all showed similar tendencies.


True leaders recognise the fact that the cyber threat is in a constant state of change. And that, to keep up, their organisation needs a security stance that’s both strong and flexible. Strong enough to deal with known threats and flexible enough to bend to meet unknown risks.


The final stage of the journey is where organisations learn that, to be truly secure, they need to work with their peers to create a community, unified against cyber criminals. They need to share security information, in order to receive security information. And they need to remember to do it before an attack — as you can’t build confidence with another organisation when you’re in the midst of dealing with a breach.

Think differently about cyber security

What really sets true leaders apart, is their ability to think differently about cyber security. They don’t see cyber as a separate, isolated risk. They see it for what it is: an integral part of the organisation that is both a potential risk to the entire operation, but equally a possible driver of business success.

The end. Or is it…

If you’re lucky, your organisation will already be at, or at least near, this final stage. If not, don’t panic. Take a look at my previous blogs about the first four stages, and use them to propel your organisation further along the journey.

The question then is: where do we go from here?

Well, I think it’s important to figure out the risk you actually face. That’s why, in my next blog, I’ll look at the three ‘zones of cyber risk’. These zones, identified in our report, will help you figure out exactly which kind of risk your organisation needs to look out for, and how.

So stay tuned.


Related content


Intégrez pleinement la sécurité à vos activités.

Livre blanc

Cinq étapes vers le leadership en matière de cybersécurité

BT image banner
En savoir plus en anglais

Établissement de systèmes de défense nationaux contre la cybercriminalité

Il est impératif que les États-nations agissent sans tarder pour mettre en place des systèmes de cyberdéfense, afin de se protéger contre les menaces les plus sophistiquées à ce jour.

En savoir plus en anglais