[BreachExchange] Cybersecurity Is Changing The Way Leaders Behave

Fri Oct 20 15:16:06 EDT 2017

https://www.forbes.com/sites/jeffboss/2017/10/19/cybersecuri
ty-is-changing-the-way-leaders-behave/#2217a86c4042

The biggest threat that leaders — and specifically, CEOs — face isn’t brand
positioning, fighting the talent war or reporting higher earnings. Those
are all important, yes, but the increasing threat of cybersecurity is
changing how companies—and the leaders who lead them — stay competitive.

Just think of all the consumer trust that’s lost after a data breach. Trust
is the one thing that doesn’t bounce back the next day. It takes months and
even years to rebuild lost trust — if it’s rebuilt at all.

The new worry for CEOs is cybersecurity, and worried they should be.
According to one WSJarticle, “The number of U.S. data breaches jumped to a
record 791 in the first six months of 2017…That is a 29% jump from the same
period last year.”  As the organizational leader, a CEO is responsible for
everything under the sun that happens under his or her watch. It’s one of
the perks of leadership.

Prepare Right To Respond Right

I learned a number of things in the military — leadership lessons that
directly translate to any industry. One of the most important lessons,
however, was that  when crisis strikes, you don’t rise to the occasion; you
fall to the level of your training .

There are a number of ways you can prepare your team (and even your
company) for chaos. Here are three:

Questioning

I love questions (and it’s not just the leadership coach in me saying
that). Questions excavate. They unearth hidden agendas, assumptions,
personal beliefs. They reveal aspirations and motivations. They build
understanding and connection. Questions are powerful, but only to the
extent that they’re used powerfully. What I mean is, questions can come
across as accusatorial or condescending if asked in the wrong tone or at
the wrong time. However, they’re great for teaching and for understanding.
When it comes to preparation and training, questions can be employed in a
number of ways, ranging from red teaming to devil’s advocate and
dialectical inquiry. Here’s a quick rundown of each:

• Red teaming: Think of red teaming as wargaming, where you view the
situation from a competitor’s perspective and try to expose vulnerabilities.

• Devil’s advocate: Arguing an opposing or alternative viewpoint

• Dialectical inquiry: If devil’s advocate is arguing from opposite ends of
the spectrum, dialectical inquiry is arguing the same end but on another
spectrum altogether. For instance, if John wants to launch an Initiative
XYZ by the end of year, Mary might argue for the launch of Initiative ABC
at the same time (dialectical inquiry), whereas Bob might play devil’s
advocate by asking “what if [this happens] to Initiative XYZ?” at the time
of launch.

Beware of the first report

First reports are often wrong--not all the time, but often. The temptation
to move, to take action, can be immediate, as is the knee-jerk reaction to
judge . Don’t do it. Exercise the patience and the awareness not to make a
rash decision but instead wait for a clearer picture to emerge. Be sure you
have clear decision boundaries that outline:

• The type of decision to be made (is it a decision or a recommendation?)

• A “no later than date” for when that decision must be made by

• People that must be involved in the decision

• People that should be involved in the decision

• Risks, assumptions, alternative courses of action

• How the decision will be communicated

At the same time, don't take too long to decide either. Realize that you'll
never have all the information you need to make the "perfect" decision
because "perfect" doesn't exist . Analysis paralysis is a very real threat
to one's competitive advantage . Just look at Blockbuster or Firestone. The
problem these companies faced wasn't a failure to move but taking too long
to decide how to move appropriately.

Get feedback

The first step to improvement in anything is becoming aware that “it” needs
to be improved. When it comes to providing feedback, there should be clear
metrics or success criteria, because, without them, there’s nothing to
provide feedback on. Identify your benchmarks and have a communication
process that shares what works, what doesn’t and why.

The greatest lessons to be learned from preparation center around risk,
decision making and information flow. Namely, you see the risks associated
with each decision and the decision-making process used to navigate those
risks. You also unearth the team dynamics that people like to avoid because
they’re difficult conversations to have, but not having them impacts
communication, decision-making and alignment — all critical ingredients to
responding “right.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171020/dc7cf2af/attachment.html>