The Newest Anti-Hack Defense

How some firms are changing talent tactics to combat cyberattacks.




Another day, another major cyberattack. In the last few weeks alone, there have been serious data breeches reported at the European Union, Facebook, Marriott, and even NASA. A recent University of Maryland study concludes that there’s an effort to hack US computers with Internet access roughly every 39 seconds.

Organizations are already building out information technology teams to combat the breaches, of course. “Over the past 12 months, we have nearly doubled the number of cybersecurity positions we have filled,” for clients,” says Jamey Cummings, co-leader of Korn Ferry’s Cybersecurity practice.

But the ubiquity of attacks is making some companies rethink the types of talent needed to lead their efforts. For one thing, companies are increasingly looking for information-security executives who have more than just IT and operational skills: they need to have an ability to work closely ad effectively with top executives and even board members. “For many companies the discussion has gone from, ‘Do you have a Chief Information Security Officer?‘ to ‘Do they have a seat at the table?’ They need to work with the rest of the business leadership and other key stakeholders,” says Aileen Alexander, the co-leader of Korn Ferry’s Cybersecurity practice.

Alexander says that there’s also been a noticeable uptick in companies that are seeking to recruit a strong deputy CISO. A strong No. 2 not only can help develop and execute a security strategy but also make for a easier succession if the CISO leaves the firm.

There’s also more awareness that a firm’s board of directors needs more expertise about cyber security. Cummings says that not every company is seeking board members expressly for their cybercrime-thwarting talents. Boards, for the most part, still want ‘supermen and women” with a variety of skills and attributes to fill every board seat, he says. Still, he says, directors are looking to develop their own cybersecurity expertise, often by reaching out directly to the company’s IT executives or hiring consultants. “Overall companies are better prepared for cyberattacks then they were a few years ago,” Cummings says. “They realize this problem is here to stay.”