Organizations that accept and foster alignment of cybersecurity and business, in language and in practice, will be better positioned to adapt to change and achieve their objectives.
Words matter. And when it comes to strengthening communications between business and security leaders, they are particularly important. Because the lexicon of IT security professionals today doesn’t just include words like denial of service, viruses, and data siphoning. Top-of-mind business concerns now make it necessary to include words like revenue growth, brand reputation, and customer loyalty.
That’s why we need to stop thinking about cybersecurity and business equities and interests in silos. In today’s world, traditional boundaries of delineated interests grow ever more porous. Let’s accept that these interests are now inextricably enmeshed, at all levels of the organization. And let’s treat them as such in our conversations with each other – from the boardroom to the lunchroom and everywhere in between.
To do this, leaders can cultivate a singular, integrated lingua franca to help build alignment between business and cyber teams. We’re already seeing this trend at top business schools, which are increasingly incorporating cybersecurity courses into their MBA curricula. And it’s common to see CIOs and CSOs with advanced business degrees.
From my experience, here are four things to keep in mind when developing this alignment:
Everyone is now in the ‘business of business’
Security and business leaders should rally around a common goal of helping the company make its numbers. Security leaders must be able to articulate the importance of security in business terms, and business leaders should be adept at advocating the strategic benefits of a strong security posture.
We own each other’s challenges
Every group has different goals and pressures. Security and business leaders should consider the words and strategies that are key and unique to each other, and tailor how they discuss priorities and concerns – whether it is a P&L, marketing campaign, or risk mitigation strategy – to facilitate mutual understanding and collaboration toward a shared objective.
Security isn’t just technology anymore
In today’s data-driven, mobile and open environment, security is a strategic enabler of a company’s success. Every business advance that takes advantage of open, networked technologies exposes the organization to a spectrum of possible new risks that must be identified and addressed by the business and IT – in concert – from the very earliest planning stages.
Build a culture of security
This lingua franca cannot exist only between senior executives or when something goes awry. It must become an established component of the ongoing company dialogue at all levels, and deeply embedded in the daily culture. Cybersecurity must be embraced – and discussed – as a shared responsibility across the entire organization.
Just as information technology has reached into the far corners of virtually every future-ready enterprise, so too have the implications, risks and challenges of cybersecurity. Organizations that accept and foster alignment of cybersecurity and business, in language and in practice, will be better positioned to adapt to change and achieve their objectives.
John McClurg is the Chief Security Officer for Global Security Organization, Dell.