The number of cyber-attacks has increased over the last years, and the risk of becoming a victim is highly topical for companies of all sizes. Digitalisation continues to advance, and the technologies on both the attacker and the defence side are improving. However, cybersecurity is not only a technological issue but much more one where humans are at the centre. Most successful attacks are due to human error, and therefore this is where we need to start. Solid and capable leaders are required in cybersecurity to make individuals more aware of cybersecurity and mitigate the risks of human errors. Established frameworks specify how cybersecurity can be managed and cover the areas of training and awareness. Other frameworks recognise individual cybersecurity work roles and their tasks. However, no framework indicates how a leader should lead in a specific phase of the cybersecurity lifecycle to support cybersecurity management optimally. For this purpose, the Cybersecurity Leadership Framework (CSLF) was designed in this research. It focuses on leadership and has a rather managerial than technical perspective. As a first step, the state of the art in cybersecurity and leadership was researched according to the design science research approach. In the second step, elements from existing frameworks were arranged in the CSLF. In a third step, this was evaluated by ten cybersecurity practitioners whose feedback was incorporated into the framework.