Security pros favor leaders with major incident experience
ISC2 survey finds 75% of cybersecurity professionals view leaders who managed a major cyber incident as more credible, regardless of outcome.
An online survey by security certification body ISC2 found 75% of cybersecurity professionals say leaders who have guided their organization through a major cyber incident are more credible, regardless of how the incident ended. Nine percent disagreed.
The survey asked cybersecurity staff about leadership qualities and their confidence in current security executives. Respondents cited calm decision-making under pressure and the ability to communicate realistic risk assessments to teams and senior stakeholders as reasons incident experience builds credibility.
The report also included data from antivirus vendor Sophos showing chief information security officers face about a one-in-four chance of losing their jobs after an attack.
Confidence in upper cybersecurity leadership was mixed. Thirty-four percent of respondents reported they were very confident in their current cybersecurity leaders, while 15% reported being extremely confident. Thirty percent said they had moderate confidence, 15% were only slightly confident, and 6% said they had no confidence at all.
Respondents prioritized communication to senior executives and boards: 95% rated the ability to explain risk to boards and senior management as very important. Other highly rated traits included having a long-term cybersecurity strategy and the ability to work with senior leadership to secure budget and resources. Respondents also emphasized transparency about decisions and actions and preferred realistic assessments over optimistic narratives.
More than 80% of respondents rated decision-making under pressure and the ability to build and lead high-performing teams as very important. Technical cybersecurity expertise was cited as very important by 75% of respondents.
One respondent wrote, “The most important trait in a cybersecurity leader is the ability to align security strategy with business goals while earning trust through clear judgment, communication, and accountability.” ISC2 researchers wrote that leaders who are transparent about risks, priorities and challenges are more likely to earn trust. The report added that leaders who remain calm during high-pressure incidents and create environments where teams feel supported and accountable tend to attract greater credibility.
The survey results arrive as boards push for clearer reporting and measurable outcomes for cybersecurity programs. The ISC2 report links incident-handling experience, transparent communication and steady leadership with higher credibility among security professionals.