Cyber risk is now a boardroom issue as much as a technical one. The UK government’s latest Cyber Security Breaches Survey found that 43% of businesses identified at least one cyber security breach or attack in the last 12 months, while 20% were victims of at least one cyber crime. Phishing remained the most common form of cyber crime, affecting 93% of businesses that experienced one, and ransomware rose to 1% of all businesses, equivalent to an estimated 19,000 organisations.

The pressure is not only growing in scale, but in complexity. The World Economic Forum’s Global Cybersecurity Outlook 2025 says the cyber skills gap has widened by 8% since 2024, with two in three organisations reporting moderate-to-critical shortages, and only 14% confident they have the people and skills they need today. IBM’s Cost of a Data Breach Report 2025 adds another warning sign: the global average cost of a data breach now stands at $4.4 million, while 63% of organisations still lack AI governance policies.

That is what makes Purvi Kay such a timely voice in this space. A global cyber security leader, TEDx speaker and advocate for women in cyber and neurodiversity, she is known for linking security, governance and leadership rather than treating cyber as a technology problem in isolation.

In this exclusive interview with the Cyber Security Speakers Agency, Purvi Kay reflects on the leadership mistakes businesses still make, the skills security leaders now need most, and why the future of cyber will depend as much on people and resilience as it does on AI.

Question 1. Cybersecurity is still often treated as a technology issue first and a leadership issue second. From what you see in organizations, what is the biggest mistake businesses continue to make?

Purvi Kay: “I think we hear it a lot, and this is also one of my personal views. In cyber security, leaders think of it as a technical problem and they forget that there is a technical element to it, but it is actually a leadership and culture issue as well.

“Most of the cyber security issues and problems we see come from weak governance, for example. They come from poor communication. When your technical experts are not able to translate all that technical jargon to your leaders to make business sense, they're not able to make informed decisions. So that poor communication is also something very key to security.

“And also when there's unclear accountability within the organization, who's doing what, who is responsible, who is accountable for all these risks, I think those things are undervalued and that is one of the biggest mistakes that we're making currently.

“I feel that cyber doesn't fail because of just not having good tech, but it fails because culture fails, and so we really need to tap into culture. So the technology that we are pumping so much money into is great, but it'll only work when our people and our governance and our leadership work in cohesion.”

Question 2. Security leaders are now expected to do far more than manage technical risk. Which skills do you see as most essential for leading effectively in that environment?

Purvi Kay: “So generally for any leaders, you think about strategic vision, you think about empathy, you think about influencing ability, but the best leaders I've seen in security are those that can translate complexity into clarity and those that can bring the organization along with them.

“It is very difficult for leaders to sell security. Security is always seen as a barrier, but great leaders are able to show the organization that security is actually an enabler and it should be thought about at the forefront.

“It should be thought about at board level, and those people who are able to do that are really good cyber security leaders, or security leaders in general, because they don't just manage risk, but they inspire clarity. They inspire confidence, and they bring about collective responsibility in the organization.”

Question 3. With AI accelerating both capability and risk, the future of security is shifting quickly. What changes do you expect to define the next phase of security strategy?

Purvi Kay: “So I see security is shifting towards proactive intelligence-driven models. Especially with AI, we are also seeing a lot of AI-accelerated threats. We're also seeing security shifting to a more secure-by-design approach, and that is brilliant because we're now looking at security being embedded at the forefront of everything you do, everything you build, which is a great approach.

“But what I'm also seeing at the centre of all of this is human resilience. I know there's a lot of hype about AI replacing humans. But I think that without human resilience within the midst of this, AI is not going to work. So we need that human element to it as well.

“What I'm also seeing is a shift in security is global collaboration. I think our allied nations are realising that we're in it together and we need to collaborate even more. So in terms of the future of security, I feel that it is built on AI, but it's where all that is embedded in the design and security is embedded in the design, and all of this is needed to be powered by human resilience globally.”

Question 4. When you speak publicly, you are not just sharing ideas but trying to influence behavior. What do you most want audiences to leave with after hearing you speak?

Purvi Kay: “So normally when I'm speaking in my public engagements, I want the audiences to feel empowered and I always go with that intention for audiences to feel empowered.

“I want the audiences to feel that they can challenge the norms and they can embrace inclusivity, whether it's about inclusive security, inclusive leadership and bringing in diversity in their organizations. I want them to think about how very small changes in behaviors can shape the culture in their organizations.

“But one point I'd make is when I speak, I just don't want the audience to listen. I want to inspire them to take away some action points that they will go and implement and create positive impact in the world. If after I've spoken the audience leave feeling that they can personally drive some change, then I feel like my job is done and transformation in the world has already begun at that point.”

This exclusive interview with Purvi Kay was conducted by Tabish Ali of the Motivational Speakers Agency.