Security Pros Trust Leaders With Incident Experience

A recent ISC2 survey found 75% of cybersecurity professionals consider leaders who have led their organization through a major cyber incident to be more credible, regardless of how the incident ended. Nine percent of respondents disagreed.

The survey asked cybersecurity workers to rank traits that build trust in senior security leaders. Respondents placed transparency, consistency and the ability to align security priorities with business goals among the top drivers of credibility.

Ninety-five percent of participants said communicating risk to senior leadership and boards is very important.

More than eight-in-ten respondents rated decision-making under pressure and the ability to build and lead high-performing teams as very important. Technical cybersecurity expertise was judged very important by 75% of respondents.

Confidence in current cybersecurity leadership was mixed: 15% of respondents were extremely confident and 34% were very confident in their organization’s upper cybersecurity leadership. Thirty percent reported moderate confidence, 15% reported only slight confidence and 6% said they had no confidence at all.

Antivirus vendor Sophos has reported that chief information security officers face roughly a one-in-four chance of losing their job after a major attack.

One respondent wrote, “The most important trait in a cybersecurity leader is the ability to align security strategy with business goals while earning trust through clear judgment, communication and accountability.”

ISC2 researchers noted that teams and executives are more likely to trust leaders who provide realistic assessments rather than overly optimistic narratives and that transparency about risks, priorities and challenges strengthens credibility.

Survey participants also highlighted the importance of leaders who remain calm during high-pressure incidents and create environments where teams feel supported, heard and accountable. ISC2 said strong leaders spend time understanding business objectives and collaborate across departments so security works with other teams rather than blocking them.

ISC2 researchers concluded that leaders who communicate clearly, empower their teams and demonstrate decisive leadership under pressure are most likely to gain and keep credibility across the enterprise.