Ten Reasons Why Senior Managers Need To Understand Cyber Security

Uploaded on 2019-07-22 in NEWS-Cybersecurity News, FREE TO VIEW

Unprecedented levels of cyber innovation, inter-dependence, connectivity and change call for strong, cyber comprehension and ethical leadership. In this promising yet volatile context, a leadership vacuum poses a real threat to global stability and prosperity. 

Considering the speed of digital evolution and its impact on global transformation, emerging cyber leaders are among the most likely candidates to fill the growing global leadership gap.

Why cyber leaders are more likely to be the next world leaders:-

Responsible cyber leaders possess many of the transversal core competencies required for global leadership, including:

1. Extensive knowledge and a broad skills base
Strong leadership in cyber-security requires a broad knowledge base and diverse skill sets. Senior executives responsible for cyber-security must understand both the internal workings of their enterprise, its assets, processes, business objectives, risk management strategy, and external factors, including bilateral and multilateral relationships, regional and global systems, and world events.  All these may have direct, indirect or ripple effects on their organisation’s cyber-security posture.

2. Ability to Anticipate
The nature of cyber-security forges leaders with a forward-looking, anticipatory mindset and openness to new trends and technologies. With the accelerating pace of technological change and the consequent inter-connectedness of society, skillful management of near-term risks and opportunities are vital to maintaining a strong cybersecurity posture, whether defending against a particular variant of ransomware or implementing best practices in third-party vendor management.

Robust cyber-security leadership also calls for savvy anticipation of the potential impact of larger developments, such as artificial intelligence, quantum computing or the growing tensions between data localisation laws, as well as of unexpected and sudden changes, such as the dissolution of a strategic partner company, a natural disaster or the propagation of a global cyber-attack.

3. Probing Discernment
In the cyber field, knowledge and understanding are important, but they are not solely enough to lead. The ability to differentiate pertinent, actionable information from background noise is essential. Like leaders on the world stage, cyber leaders are constantly inundated with a high volume of diverse inputs, from external and internal sources alike.
They need sharp acumen in distinguishing inaccurate or even fake information from that which is relevant and real, and provides a sound basis for decision-making. 

Successful leadership in both cyber-space and on the world stage must be quick to understand the contextual nature of continuous information, clearly distinguishing the valuable from the extraneous, the authentic from the fake, the urgent from the latent and the high-impact from the low-grade.

4. Capacity to identify cross-cutting Strategic Issues
Cyber leaders need to be astute at identifying common themes and pursuing important questions and gaps across vast quantities of information. A cyber leader, for example, must be capable of assessing and managing an organisation’s security posture based on numerous elements, statistics, reports, briefings and discussion. 

Assessing these, they must build and continuously adapt their strategy for maintaining and improving the organisation’s security posture, as measured across numerous vectors. Beyond their immediate objectives however, cyber leaders must also extrapolate from those inputs larger themes that can inform more strategic findings and recommendations for future progress, highlighting challenges. 

For example: Do issues impacting cyber-security, such as poor asset management, indicate broader management deficiencies that represent strategic, enterprise-level areas for improvement?  Is the organisation’s inability to enforce third-party security requirements symptomatic of larger issues related to its market leadership?

Effective, efficient and agile cybersecurity requires a unique kind of persistent curiosity and thinking to evaluate information in the context of larger themes and strategy.

5. Crisis Management
Cyber leaders must act effectively, responsibly, decisively and quickly in times of crisis. Cyber incidents vary in scale and kind, can occur at any time. And no matter how extensive the preparation for mitigation, there are always unknowns. 
Managing a crisis typically requires balancing competing interests, relying on incomplete and evolving information, and proceeding with response despite ongoing damage and degradation.
In a cyber crisis, most often under immense time and other pressures, cyber leaders must be able to evaluate information quickly based on its source, reliability, accuracy and relevance; identify and evaluate alternative (potentially unconventional) courses of action; and make impartial, optimal decisions, unaffected by individual or segmented interests.

6. Sound Ethics and Integrity
The complexity and expansive scope of cyberspace challenges leaders with diverse and unprecedented ethical dilemmas that can have highly tangible and, increasingly, physical implications.  In addition, the sensitive nature of cyber-security issues means that decisions in this space are often based on classified, confidential or proprietary information that cannot be shared widely. 

Responsible cyber leaders must possess a solid internal compass and the fortitude to make difficult, potentially unpopular decisions.

Moreover, cyber leaders must have the experience and judgement to make difficult decisions in a closed-circuit environment, where confidentiality requirements may limit their ability to confer fully with mentors and external communities when making critical decisions.

7. Balancing Details with the Big Picture
Organisations are increasingly recognising cyber-security as a separate and distinct function in their structure, requiring both dedicated full-time employees and a clearly designated, accountable senior executive. The nature of cyber-security however, concerns wide-ranging responsibilities and touch points not limited to specific or traditional cyber-related functions such as information technology alone. 

In this potentially boundless portfolio, effective cyber leaders must be able to distinguish between areas in which they need to possess only surface-level awareness, develop a conversant level of knowledge, or delve to deeper levels of nuance and complexity.

Since they cannot be experts on the entire broad spectrum of potential issues impacting their responsibilities, cyber leaders must constantly adapt relationships and hone their ability to zoom in or out from details to big picture on a case-by-case basis.

8. Capacity to Delegate
Cyber leaders cannot achieve their goals alone. They must know how to delegate specific tasks and, in some cases, authority, to achieve larger goals and foster team growth and development. 
On the other hand, both cyber and world leaders need to identify and prioritise aspects of their leadership role that cannot be delegated, such as developing relationships, performance management, strategic thinking and decision-making.

9. Consensus Building and Decision-Making
Cyber-security leaders regularly work in complex circumstances involving different types of professionals, in a range of specialised areas such as legal, marketing, communication and information technology. Within an organisation or ecosystem, cyber-security cannot be solved by any single actor; all entities are involved. 

Effective cyber leaders must be able to adapt and modulate their language and approach to various audiences and registers in order to facilitate a common understanding of complex and difficult situations, and build consensus around specific courses of action.

10. Maximising Workforce Potential
Cyber leaders must stay in front of a rapid and exponentially changing technological landscape that brings both significant opportunities and vulnerabilities. To do so, they need to prioritise hiring a highly skilled workforce, improve talent retention and facilitate efficient re-skilling. 

To find and retain the very best talent, cyber leaders must implement policies that create more performance-based, diverse and inclusive work environments, including by implementing merit-based evaluation and reward systems based on accountability and transparency.

Today’s cyber leaders are not only well-equipped to lead on a global scale, navigating extremely complex situations, and employing hard and soft skills to create more resilient and secure societies in terms of processes, technology and people. They can also provide much-needed inspiration for what new world leadership could and should be.

EuropeanSting

You Might Also Read: 

Cyber Essentials For Board Directors:

 

 

« Five Hi -Tech Ways To Fight Off Cyber Attackers
SMEs Run Outdated & Vulnerable Operating Systems »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

Information Network Security Agency (INSA) - Ethiopia

Information Network Security Agency (INSA) - Ethiopia

INSA's vision is to realize a globally competent National Cyber capability which plays a key role in protecting the national interests of Ethiopia.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Morphus Information Security

Morphus Information Security

Morphus is an information security company providing Red Team, Blue Team and GRC services as well as conducting research in cybersecurity and threat analysis.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.