Cyber Security: What level of Chief Information Security Officer do you need?

What level of CISO do you have?

The Cyber Level Model helps individuals and organizations work out where they currently are now and where they want to be in the future. This model uses the widely recognized NIST* framework to help evaluate the leadership of the cyber function.

Most cyber functions operate at this level. Typically found in places where cyber is seen as an IT problem. Strong on access controls, less strong on detection and response. Knowledgeable about regulation. Less connected internally and externally. Rarely appears before the main board. Transactional. Suitable for organizations where the likelihood and impact of a cyber attack is low.​​

Cyber seen more broadly than an IT problem. Innovates and transforms. Engages with other functions, e.g., HR. Protects, detects and responds to cyber issues. Weaker on recovery planning. Connected internally and externally. May appear before the main board. Relational and reactionary. Suitable for organizations where the likelihood of a cyber attack is high but the impact minor.

As Level 2, stronger relational skills. Comfortable at main board level. Highly change oriented. Influential, innovative, uses data analytics. Shares information with industry peers. Anticipates. Suitable for organizations where the likelihood of a cyber attack is low but the impact severe.

As Level 3, more strategic and innovative. Part of the DNA of an organization. Involved in all critical and highly confidential decisions, e.g., M&A. Manages new developments and changes. Suitable for organizations where the likelihood and impact of an attack is high.


What level of CISO do you need?


Global Cyber Security Contacts

Matt Comyns
+1 203-905-3353

Tim Cook
+1 203-905-3353

​​Russell Reynolds Associates is a global leader in assessment, recruitment and succession planning for boards of directors, chief executive officers and key roles within the C-suite. With more than 370 consultants in 46 offices around the world, we work closely with public, private and nonprofit organizations across all industries and regions. We help our clients build teams of transformational leaders who can meet today’s challenges and anticipate the digital, economic, environmental and political trends that are reshaping the global business environment. Find out more at Follow us on Twitter: @RRAonLeadership​