Meet Reliance acsn Advisory Board member Marcus Willett CB OBE

Marcus Willett headshot
Marcus Willett CB OBE

In his 33-year career in GCHQ, Marcus Willett CB OBE developed an international reputation for the depth and breadth of his knowledge and experience on cyber matters. He was GCHQ’s first director of cyber, helped to design the UK’s first national cyber security strategy and led the UK’s National Offensive Cyber Programme. As deputy head of GCHQ, he was responsible for GCHQ’s intelligence activities and its cyber operations.

Today, Marcus is a senior adviser at the International Institute for Strategic Studies (IISS), a world-leading authority on global security, political risk and military conflict. He developed and delivered the IISS methodology for assessing national-level cyber power and its implications for the future of conflict. The work included an assessment of the cyber capabilities of 15 states, with more to follow. Marcus is currently researching, and writing a book on, the responsible use of offensive cyber power by the US, UK and their close allies.

In addition to his role at IISS, Marcus provides strategic advice to businesses of all sizes on cyber matters. He is particularly focussed on demystifying cyber security for company boards, helping them ask themselves and their security specialists the right sort of questions, and ensuring that the whole company knows what to do in the case of a significant cyber breach (like dealing with a successful ransomware attack). This includes running exercises for boards and helping them plan for resilience. The focus is on developing customised approaches to cyber security that best fit the real needs of the company, rather than spending a fortune on gold-plated solutions.

“There is no ‘one size fits all’ in cyber security,” says Marcus. “There are of course important technical considerations – understanding the company’s complete IT estate; where its most valuable data is held and how it is protected; the advantages and disadvantages of using the Cloud; and the like. But a board’s approach to cyber security should be mostly about mindset, leadership, people and processes.”

Marcus finds that the secret is to find ways of bridging the gap that often exists between the deep technical understanding of the company IT experts and the critical business concerns of Chair people, CEOs and board members.

Having originally joined GCHQ as a Russian linguist, Marcus subsequently spent most of his career interpreting between the language of technology and the language of decision-making.

He adds, “Success is when boards approach cyber security like a business risk, on a par with their other top business risks, recognising that a serious cyber security failure is ultimately not just a technical issue, but directly impacts the company’s bottom line and reputation.”

Marcus can provide insight into the full panoply of state and non-state cyber threats to help companies prioritise their responses. He can also help boards understand the nature of today’s inter-state cyber and technological competition (think the US campaign against Huawei writ large), and what the future might bring, to help boards spot opportunity and manage risks.

To hear more about the experts at Reliance acsn or to meet more of the advisory board and our senior leadership team, head to: