It would be hard to imagine someone disputing that cybersecurity is important based on today’s climate. Experts estimate that the 2017 Equifax breach cost the company $439 million. It’s also believed that Target lost $292 million as a result of its 2015 breach. CISO’s and CEO’s have their jobs threatened by failures to have adequate security.
While cybersecurity may be every executive’s job, there is frustration at every level of the corporation while trying to make progress in fostering a cybersecurity culture. Ask any gathering of executives on the topic of security and there will be plenty of stories shared about having too much security or not enough.
Whether you are a CISO, CEO, another team member or someone interested in promoting security among your leadership team, there are a few key principles to consider when attempting to effectively promote a cybersecurity culture at your company.
Make It About People
Security seems like it should be the most important job. But in reality, it is not. Is quality job No. 1? Is growing the company? Realise that there are many objectives contending for attention. Appreciate that even though there are common goals, people have their own goals and interests that may not align with yours.
Are there gaps in knowledge? If so, focus on reducing those knowledge gaps to create a baseline of understanding.
Understand Where You Are
Without an understanding of where you are, even if you know where you want to be, you are missing a key component needed for figuring out how to get there.
Do you understand your risks? Do you understand what others in similar situations have done? Do you understand the best practices and the emerging threats?
People are encouraged more about being a standout among their peers for moving progress forward. Embarrassment and criticism often result in people withdrawing, not engaging, avoidance and other dysfunctions that can starve an organisation of the flow of communication and creative energies that make change possible.
Be assertive and blunt if necessary in the wake of mistakes or blunders, but know that once people lose sight that you are on their side, then you’ve lost your influence.