Firms are averse to discussing their shortcomings, especially in the high-stakes world of cybersecurity.

However, according to research from Goldsmiths and Symantec, the University of London, security professionals who have survived a cybersecurity attack or security breach are the ideal candidates to hire to safeguard firms from future attacks.

The analysis found that slightly over half of the 3,000 CISOs polled believe that learning from mistakes is critical to enhancing a company’s cybersecurity architecture. Indeed, these experts could be the company’s strongest line of defense in the event of a cyber-attack. Security experts who have been through a preventable breach have a distinct attitude. Such professionals are less prone to experience burnout, are less likely to consider abandoning their job, are less apathetic toward their work, feel less personally accountable for an incident, and are more likely to share their learning experiences for the company’s benefit.

Cybersecurity breach survivors have firsthand knowledge of what works on the front lines of security performance management and what doesn’t, as well as recovery protocols, crisis management, and teamwork. Furthermore, cyber-attack veterans have a unique viewpoint on risk management in the cybersecurity space. They realize that risk reduction necessitates more than just the proper technology and techniques. All endpoint protection, firewalls, and other security measures won’t help until a company takes a risk-based approach to security, where all stakeholders realize the inherent danger of conducting business in a digital age.

Unfortunately, while many businesses espouse the merits of transparency and information sharing, cybersecurity remains a taboo topic for everybody. Cyber breaches are viewed as a red flag, and security professionals are reticent to provide information or reveal vulnerabilities that resulted in security breaches, as well as the lessons learned from those occurrences. That may be one of the prominent reasons why security professionals who have dealt with it have been reluctant to speak up about their experiences openly. According to the report, 54 percent of respondents do not discuss security breaches or assaults with their peers in the business, with 36 percent worrying that disclosing such knowledge could harm their job prospects or professional reputation.

This new research states various best practices, recommending that these lessons be shared with company boards in order to build a more open learning culture among data security professionals. As a result, data breach survivors should be at the top of the company’s priority list when it comes to hiring. Sharing experiences is an important component of establishing a company’s security structure, especially because all employees must be active in securing the company’s data. Because of the current cybersecurity skills scarcity, everyone, from the CEO to the clerk, must take responsibility.

Failure to follow the established security measures might have serious consequences. A cybersecurity breach now costs an average of $4.6 million each occurrence. However, the ramifications of this go beyond mere reputational and financial harm. As a result of breaches, cyber-attacks, and outages, 51 percent of tech leaders are experiencing cybersecurity fatigue and other stress-related ailments. Firms must recognize that exposure to vulnerabilities can help them improve their security performance management.

All businesses are vulnerable, even if they aren’t aware of it. However, cybersecurity specialists who have personally witnessed an assault should be heard, recognized, and rewarded. They should be assured that their expertise will help their businesses be better prepared to withstand security intrusions in the future. Their experiences, as well as the knowledge obtained from them, should be leveraged to improve security performance management, resulting in a robust defense against future threats. It is past time for businesses to modify their attitudes toward personnel who have experienced data breaches and hire more of them in order to make their operations more breach-proof.

For more blogs checkout: Blogs