Cybersecurity threats continue to escalate in scale, speed and sophistication, placing growing pressure on organisations to move beyond reactive defences and rethink how risk is governed at leadership level. As digital systems underpin everything from national infrastructure to day-to-day business operations, failures in governance, communication and accountability are increasingly being exposed as critical vulnerabilities. At the centre of this challenge is Purvi Kay, a senior cyber security leader with experience operating in some of the UK’s most complex and high-stakes environments. With a background spanning defence, public sector security and secure-by-design leadership, Purvi is widely recognised for reframing cyber security as a cultural and leadership issue, not simply a technical one.
Her work focuses on helping organisations translate cyber risk into clear, board-level understanding, embed security at the point of design, and build resilience through people as much as technology. In this exclusive interview with the IT Security Guru, conducted via the Cyber Security Speakers Agency, Purvi Kay shares her perspective on leadership accountability, the evolving threat landscape, and what effective cyber resilience really requires in practice.
What’s the most common cyber security failure you see organisations make?
“I think we hear it a lot, and this is also one of my personal views. In cyber security, leaders think of it as a technical problem and they forget that there is a technical element to it, but it is actually a leadership and culture issue as well.”
“Most of the cyber security issues and problems we see come from weak governance, for example. They come from poor communication. When your technical experts are not able to translate all that technical jargon to your leaders to make business sense, they’re not able to make informed decisions. So that poor communication is also something very key to security.”
“Also when there’s unclear accountability within the organisation, who’s doing what, who is responsible, who is accountable for all these risks, I think those things are undervalued, and that is one of the biggest mistakes that we’re making currently.”
“I feel that cyber doesn’t fail because of just not having good tech, but it fails because culture fails, and so we really need to tap into culture. So the technology that we are pumping so much money into is great, but it’ll only work when our people and our governance and our leadership work in cohesion.”
What qualities define an effective security leader today?
“Generally for any leaders you think about strategic vision, you think about empathy, you think about influencing ability, but the best leaders I’ve seen in security are those that can translate complexity into clarity and those that can bring the organisation along with them.”
“It is very difficult for leaders to sell security. Security is always seen as a barrier, but great leaders are able to show the organisation that security is actually an enabler and it should be thought about at the forefront. It should be thought about at board level, and those people who are able to do that are really good cyber security leaders, or security leaders in general, because they don’t just manage risk, but they inspire clarity. They inspire confidence, and they bring about collective responsibility in the organisation.”
How do you see the future of security evolving, especially with AI and “secure by design”?
“I see security is shifting towards proactive intelligence driven models. Especially with the AI, we are also seeing a lot of AI accelerated threats. We’re also seeing security shifting to a more secure by design approach, where that is brilliant because we’re now looking at security being embedded at the forefront of everything you do, everything you build, which is a great approach.”
“But what I’m also seeing at the centre of all of this is human resilience. I know there’s a lot of hype about AI replacing humans, but I think that without human resilience within the midst of this, AI is not going to work. So we need that human element to it as well.”
“What I’m also seeing is a shift in security is global collaboration. I think our allied nations are realising that we’re in it together and we need to collaborate even more. So in terms of the future of security, I feel that it is built on AI, but it’s where all that is embedded in the design, and all of this is needed to be powered by human resilience globally.”
In your keynote talks, what do you want audiences to think, feel and do afterwards?
“Normally, when I’m speaking in my public engagements, I want the audiences to feel empowered, and I always go with that intention for audiences to feel empowered.”
“I want the audiences to feel that they can challenge the norms and they can embrace inclusivity, whether it’s about inclusive security, inclusive leadership, and bringing in diversity in their organisations. I want them to think about how very small changes in behaviours can shape the culture in their organisations.”
“But one point I’d make is, when I speak I just don’t want the audience to listen. I want to inspire them to take away some action points that they will go and implement and create positive impact in the world. If after I’ve spoken the audience leave feeling that they can personally drive some change, then I feel like my job is done and transformation the world has already begun at that point.”




