Cybersecurity and Organizational Change Management: Communication
Cybersecurity efforts to protect a business from internal/external cyber threats and safeguard critical information assets often focus only on the technology solutions, neglecting the cultural, interpersonal, social, and overall Organizational Change Management (OCM) challenges. When not taken into consideration, these non-technical elements can create unanticipated vulnerabilities which become tangible risks to the organization.
Developing and implementing a robust Cybersecurity Program is not solely an “IT project.” It is a multi-disciplinary and complex task which needs focus and attention at all levels of the enterprise. The security design (including policies, technologies, infrastructure, and processes) of an enterprise-wide cybersecurity program is not typically derived from a preexisting template. Instead, it requires research, analysis, input, and support from every aspect of an organization (e.g., Human Resources, Legal, Physical and Information Security, Information Technology, Leadership, etc.) in order to craft a solution that is customized for the risks and needs of the specific company.
One key element of the OCM activities associated with a cybersecurity program implementation is communication. The broad mix of stakeholders from all levels and functions throughout the enterprise makes this workstream especially challenging. Here are a few tips to help navigate what can sometimes be a daunting communication challenge:
- Keep in mind that most of your stakeholders across the organization are not usually highly technical; you need to explain complex technical cybersecurity topics in a common-sense manner while trying to avoid IT, cyber, or solution-specific jargon.
- The majority of stakeholders will want to take in the big picture rather than get bogged down in the details. So, frame your initial communications in broad concepts rather than detailed specifics.
- Focus on the security benefit to the stakeholder and/or the impact that failing to act will have on the company, and explain the associated consequences.
- Be clear with senior managers that you depend upon their technical, business, and domain expertise, and the implementation team will need a complete picture of the program from their perspective, including any detriments and downsides.
- Be patient with your IT security managers, as they often want to discuss the technical details of configuration or settings. Ask for any overly detailed statements to be re-phrased in layperson terminology.
- Help provide business context in any program communication to leadership. A manager might tend to see only their own local aspect of a perceived issue and not how it might affect the business, personnel, budget, mission, goals, customers, and, most importantly, the stock price.
From an individual employee, or people, perspective, the focus of a Cybersecurity Program should be on “Privacy” not “Security.” People care about their privacy, and a threat to it will drive a sense of urgency. Also, people understand privacy technology and methods to protect their own personal privacy and can more easily relate to this construct at the business level.
The cyber landscape is becoming more creative, attacks are increasingly destructive and costly, the technology employed is becoming more sophisticated, and there is a double-digit rise in data breaches compounding year over year. Research shows that over half of incidents involving the leakage of data can be associated with a company insider. Organizations need to implement or improve a growing set of new and evolving proactive information protection methods within their cybersecurity programs in order to provide the due diligence required to mitigate litigation, reduce liability, and control risk.
Businesses today must operate in a complex world that is fraught with cyber peril, and cybersecurity is difficult. People are even “attacking” you. There are threats, hackers, intruders, outbreaks, breaches, assaults, and other menacing intimidations. Companies must take advantage of every opportunity to reduce cyber risk. A solid Cybersecurity Program involves more than just technical solutions. There are also policies, protocols, and processes to be implemented and followed. A cybersecurity program leverages awareness and training, communication, marketing, business knowledge and expertise, leadership commitment, and social norming along with the support of technical solutions to develop and enhance a cyber-secure culture across the enterprise.
For more information about Organizational Change Management and Cybersecurity, please contact Larry Powers at Larry.Powers@BoxleyGroup.com.
Dr. Larry Powers has over 20 years’ experience developing, implementing, and maintaining Organizational Change Management (OCM), Organization Development (OD), and Competency Based Human Capital Management strategies and systems within small companies and worldwide operations. He is a seasoned Change Agent who has held senior leadership positions and has an in-depth knowledge of Business Transformation, Talent Management/Leadership Development systems, ISO 9001/14001/18001, and Business Process Reengineering. Larry holds a doctorate in Organizational Change and a Masters in Technology Management from Pepperdine University.
Boxley Group (BoxleyGroup.com) consists of a core group of experienced consultants. Our experts represent extensive experience in the full business value chain. Our focus is working with clients as trusted advisors to identify and solve the dynamic challenges in today’s business. We have a proven track record in a range of client needs: from strategic advisory services to identifying and correcting non-functional processes; from leading complex projects to recommending difficult decisions and leading sustainable change. We expertly and efficiently scope the challenge and execute an agreed plan to deliver exceptional value for our clients.
Boxley Group consultants help to “bridge the gaps” that can exist between the four cornerstones of a business: Strategy, Operations, Commercial, and Technology, facilitating collaboration to achieve common goals. We add value by recognizing important differences in the functions and viewpoints of each cornerstone while continuously focusing on alignment to deliver the best result.
The Boxley Group is your trusted and experienced business partner in Cybersecurity Change Management, Strategy Implementation, Competency Based Human Capital Management, Information Management, Solution Deployment, Project Management, Organizational Change Management, and HES (Health, Environment, and Safety).
5535 Memorial Drive, Suite F418
Houston, TX 77077