Cybersecurity Award Sparks Debate Over Breach Responses

Why This Cybersecurity Expert Rejected Their 'Person of the Year' Praise

CISO MAG named its 'Cybersecurity Person of the Year' in December 2019, honouring the author of a recent report on data breach communications. The award recognised their approach to handling security incidents, though the author believes others were more deserving. Among past recipients, experts like Troy Hunt and Rik Ferguson also received accolades from the publication in 2019. The author’s method for reporting breaches starts with direct contact to chief information security officers (CISOs) or chief security officers (CSOs). They argue that involving these leaders early makes it more likely they will engage in follow-up discussions. In contrast, initial outreach to public relations teams often delays or complicates responses.

According to the report, legal teams sometimes take the lead in breach communications, which can create unnecessary tension. The author describes these interactions as confrontational and poorly aligned with resolving the issue. They also highlight a common media problem: the first published account of a breach—accurate or not—tends to dominate subsequent coverage. The December 2019 award placed the author alongside recognised figures in cybersecurity. Hunt, creator of *Have I Been Pwned?*, and Ferguson, vice president of security research at Trend Micro, had both been honoured earlier that year. Despite the recognition, the author maintains that other professionals contributed more significantly to the field.

The report outlines clear preferences for breach notifications, favouring direct engagement with security leaders over PR or legal intermediaries. CISO MAG’s award underscores the importance of effective communication in cybersecurity incidents. Yet the author’s reservations suggest ongoing debates about who truly drives progress in the industry.