Security Leadership Series: An Important Principle for Every Cybersecurity Leader to Remember

09/20/2018  |  By: Mark Burnette, CPA, CISSP, CISM, CISA, CRISC, CGEIT, ITIL, QSA, Shareholder, Practice Leader of Risk Services

Here’s a principle every cybersecurity leader needs to acknowledge: Cybersecurity is not the single most important element of your company’s business. In reality, most businesses exist to make money or return some form of value to their stakeholders (unless you’re a nonprofit, in which case you likely exist to fulfill a specific social mission). They don’t exist to protect data or prevent cyber-attacks (although protecting data and preventing cyber-attacks can be an important precursor to making money).  

Embracing this reality can be a challenge for many cybersecurity leaders, especially if you’ve come up through the technical realm. Most passionate cybersecurity professionals eventually fall victim to believing that cybersecurity is the most important facet of their business, because that’s their entire focus at the organization. As a result, they’re constantly trying to convince other leaders that they should think that way, too.  

How to Get Other Leaders to Care About Cybersecurity

So, how do you go about getting other leaders to care about cybersecurity? Rather than trying to convince them with scare tactics or statistics, you should always look to connect your cybersecurity efforts to your organization’s larger business objectives. 

For those of us managing the day-to-day cybersecurity tasks and resources within an organization, it’s important to help connect what we’re doing to the larger business objectives that senior-level leaders and board directors care about. Rather than focusing solely on technology and data management best practices, identify the KPIs (key performance indicators) that communicate how the company is doing in terms of cybersecurity.

If you can show that what you’re doing within the cybersecurity program is specifically supporting your company’s business mission, you’re much more likely to get a seat at the table and the needed funding for the program. Putting cybersecurity in perspective, based on the larger goals and objectives of your business, will help you be a lot more effective when it comes to talking with others about your ideas and initiatives, and it will garner respect among your peers on the company’s leadership team. 

Effective Communication is About Connecting the Dots

Remember: Unless your company is in the business of selling cybersecurity, don’t think or act like cybersecurity is a key objective of your company. Instead, always look for ways to connect the dots between your business’s larger goals and the work you’re doing to support them.

As leaders in the information security industry, our team at LBMC Information Security is here to help with that big picture perspective and to assist you in connecting the dots between your cybersecurity risks and your company’s objectives. Subscribe to our blog or podcast to learn more tips and strategies for creating a culture that values cybersecurity within your company. You can also explore our Security Consulting services or contact us today to learn how we can help you with information security solutions.

This blog is the first in a series by Mark Burnette on security leadership that focuses on key issues security executives face daily and tips for how to navigate those issues with excellence.
