Top 10: CISOs in the UK

The modern cyberspace landscape is a volatile battlefield, where invisible threats constantly test the limits of corporate resilience.

As AI accelerates both the sophistication of cyber attacks and the defensive tools required to neutralise them organisations face unprecedented levels of risk.

The role of the Chief Information Security Officer has evolved dramatically in response to these existential challenges. No longer confined to the back office, these executives now hold pivotal roles in the boardroom where they align complex security architectures with overarching business strategies.

A modern CISO must navigate a perilous environment defined by ransomware syndicates, state sponsored actors and the looming horizon of quantum computing.

They are not merely technical gatekeepers, but visionary leaders who champion digital transformation ensure secure by design innovation and cultivate a culture of psychological safety for their teams.

In the UK, a hub of global finance, media and defence, these leaders set the gold standard for operational excellence. 

Cyber Magazine shines the spotlight on the UK's digital defenders, the visionaries shaping the future of enterprise protection.

10. Daven Patel

Company: Diageo
Headquarters: London, UK
Revenue: US$20.2bn

As the Chief Information Security Officer at Diageo, Daven has established himself as a dynamic force in modern digital defence.

Holding Diageo's fort down as the CISO for nearly 15 years and carrying about 25 years of industry experience, Daven's security approach is rooted in business enablement, ensuring protocols accelerate rather than hinder corporate growth – as he understands that security cannot act as a bottleneck to innovation in a connected economy.

Daven's approach reflects a modern CISO mandate, where risk management, cultural awareness and proactive threat detection are integrated into global operations.

By pushing the boundaries of how cyber risk is managed at a global beverage leader he earns his place among top security executives.

9. Nicole Keeley

Company: British Airways
Headquarters: London, UK
Revenue: ~ US$38bn (IAG)

Nicole operates at the intersection of consumer data protection, operational technology and critical national infrastructure.

As Director of Cyber & IT Risk (CISO) at British Airways, she leads cybersecurity strategy within one of the world’s most complex aviation environments.

With a background in regulatory cyber oversight, she brings a system-wide perspective to managing risk across interconnected aviation ecosystems.

Nicole is an active contributor to international aviation cybersecurity forums, advocating for collaboration, resilience and the reduction of attack surfaces through modern architectures such as zero trust.

Her work reflects the growing importance of cybersecurity in safeguarding both passenger data and operational continuity in global air travel.

8. Brian Brackenborough

Company: Channel 4
Headquarters: London, UK
Revenue: ~ US$1.4bn

Brian is a leading UK cybersecurity professional and Chief Information Security Officer at Channel 4.

He safeguards high-value media assets including intellectual property, unreleased content and audience data in a sector increasingly targeted by ransomware and cybercriminal attacks.

Brian is known for building and maturing Channel 4's internal security capabilities while aligning security strategy with business needs.

His approach focuses on risk management, compliance and protecting creative operations without slowing down production.

Brian regularly shares his expertise on media cybersecurity and contributes to industry discussions on protecting broadcasters from evolving cyber threats.

7. Bronwyn Boyle

Company: PPRO
Headquarters: London, UK
Revenue: US$53m

The financial technology sector demands a security posture that operates seamlessly at the blistering speed of global digital commerce while maintaining absolute regulatory compliance.

Bronwyn has mastered this immense balancing act as the CISO at PPRO overseeing information, cyber and technology security across all product offerings.

She was appointed to the role in 2024 having over twenty years of experience in cybersecurity, technology risk, regulatory compliance and fraud prevention, including senior leadership roles at Mambu, Barclays, TSB Bank and the UK Open Banking implementation body.

What truly elevates Bronwyn into the top echelon of cyber leaders is her deeply holistic approach to the industry. She is a highly vocal advocate for mental health recognising that the intense pressure inherent in security operations can lead to severe burnout. 

Bronwyn has been featured in industry lists such as the UK’s IT leaders and has won awards including SC Awards Europe Woman of Influence. She serves as a board member for Cybermindz.org, a not for profit focused on psychological resilience and wellbeing in the cybersecurity community and champions inclusive hiring practices and diversity to strengthen the human side of security.

6. Theo Botha

Company: Dr. Martens
Headquarters: Wollaston, UK
Revenue: ~ US$1bn

Guiding a massive legacy brand through the perilous waters of digital transformation, rapid e-commerce expansion and a major financial liquidity event requires exceptional strategic foresight.

Theo Botha possesses a pedigree built over two decades of technology leadership across diverse industries. As the global CISO at Dr. Martens he consistently demonstrates the rare ability to align complex cybersecurity architectures with overarching business objectives.

Theo was instrumental in building a comprehensive security programme that successfully facilitated the initial public offering of the company on the London stock exchange.

He mitigated regulatory scrutiny and cyber risks seamlessly to enable massive financial growth.

Theo currently leads the governance approach for the responsible adoption of AI across the enterprise ensuring brand heritage is preserved while technological innovation accelerates securely.

5. Craig Hickmott

Company: British Heart Foundation
Headquarters: London, UK
Revenue: Not applicable

The non-profit sector is frequently targeted by cybercriminals due to the sensitive donor data it holds combined with historically constrained IT budgets.

Craig Hickmott has shattered the paradigm of what is possible in charitable cybersecurity as the director of information security at the British Heart Foundation.

He orchestrated a masterful transformation of a fragmented function into a strategic enterprise partner. Craig launched a ground breaking cybersecurity apprenticeship programme to cultivate homegrown talent and build a socioeconomically diverse team.

He multiplied his defensive capabilities without requiring exponential budget increases by introducing advanced artificial intelligence to automate routine operations.

4. Helen Rabe

Company: BBC
Headquarters: London, UK
Revenue: ~ US$7.6bn

Operating at the helm of one of the largest local and global broadcaster requires protecting the digital infrastructure of a highly visible media empire.

As the global CISO for the BBC, Helen Rabe enforces security policies that protect critical operational data, sensitive journalistic sources and continuous broadcasting services.

Her defining strength is her incredible versatility and capacity to act as a crucial translator of cyber risk. Rabe possesses a proven track record of maturing bespoke information security strategies tailored to the unique risk appetites of vastly different sectors.

Her ability to clearly communicate highly technical security strategies to the board of directors has resulted in high adoption of secure behaviours across the workforce.

She ensures genuine cyber threats are neutralised before they can impact public broadcasting.

3. David Boda

Company: Nationwide Building Society
Headquarters: Swindon, UK
Revenue: ~ US$6.6bn

The financial services sector is the ultimate proving ground for cybersecurity requiring resilient defences that withstand continuous assaults from advanced threat actors.

David Boda is the Chief Security and Resilience Officer at Nationwide Building Society where he leads information security, cyber risk and operational resilience for one of the UK’s largest financial institutions.

David brings more than twenty years of experience in technology and national security roles including senior positions at Camelot Group and the Foreign and Commonwealth Office.

He is responsible for shaping Nationwide’s cyber strategy, developing security capabilities and building resilient teams that protect millions of customers.

He actively promotes emerging cyber risk awareness including quantum computing and post‑quantum cryptography and ensures these topics remain prioritised on the corporate agenda.

David also champions skills development and diversity initiatives to strengthen the human side of cybersecurity while maintaining a robust technical security posture.

2. Matt Rowe

Company: Lloyds Banking Group
Headquarters: London, UK
Revenue: ~ US$23.5 bn (net income)

If the future of cybersecurity relies on the transition from reactive human analysis to proactive algorithmic threat hunting then Matt Rowe is leading the global charge.

As the chief security officer at Lloyds Banking Group he wields immense influence over the security architecture of the global financial system.

Matt has played a key role in advancing the bank’s cybersecurity capability including the development of a patented innovation known as the Global Correlation Engine (GCE).

The GCE uses intelligent algorithms to analyse alerts from multiple cybersecurity technologies to identify genuine threats more accurately while reducing false positives and focusing security resources more effectively.

Lloyds Banking Group’s first patent for this methodology was granted in both the UK and US and work continues to enhance its capabilities with multiple layers of algorithms including AI.

Matt’s leadership ensures that this innovative approach to threat detection remains a strategic priority as the bank strengthens its defences and protects the interests of millions of customers in a constantly evolving threat landscape.

1. Dr. Mary Haigh

Company: BAE Systems
Headquarters: London, UK
Revenue: ~ US$37.8bn

Securing a massive global defence company means operating constantly in the crosshairs of the most advanced nation state threat actors.

Dr. Mary Haigh shoulders this immense responsibility as the global CISO of BAE Systems, leading the cybersecurity strategy for one of the world’s largest defence and security organisations.

Holding a doctorate in semiconductor physics she approaches cybersecurity not merely from a standard IT perspective but from a profound understanding of foundational science and hardware mechanics.

Since joining BAE Systems in 2015, she has held a number of senior leadership roles developing cyber vision, strategy and security roadmaps.

Mary is a recognised advocate for diversity in the cybersecurity profession and she founded R.I.S.E, a cross‑industry mentoring scheme for women in cyber. She is also a member of the executive committee for the Defence Cyber Protection Partnership and a speaker at events around the world on topics such as responsible cyber power.

Dr. Haigh's combination of technical expertise strategic leadership and commitment to talent development has made her a highly respected figure in UK and global cybersecurity.