Overcoming the cybersecurity language barrier with your peers
Different teams at any sized company must speak the same language when it comes to cybersecurity
I am writing to you today from beautiful Helsinki, Finland, where I am meeting with some customers. As I’ve mentioned before, I was born and raised in the UK, then moved to Tulsa, Oklahoma, so it is safe to say I don’t know a lot of Finnish. :)
But I’ve found in my travels around the globe that picking up a few of the basics of the native language – “Hi,” “Bye,” “Please,” “Thank you” – can go a long way in connecting with the locals.
This got me thinking about the different lines of business within any given company, and how they don’t always speak the same language.
Over my career, I’ve found that every organization develops their own acronyms, short hand, and systems and tools that they use – and going to work in a different team may feel like going to a whole new company! Think about your own organization and how the technology team talks about their business compared to – say – the marketing team.
To those who focus on risk management, the CSO/CISO teams might as well be speaking Finnish!
Collaboration on the cybersecurity front is important, and we need to involve everyone we work with in the process.Share this quote
This same insight emerged in recent surveys that we did for our latest AT&T Business Cybersecurity article – and there are 3 key takeaways on why it’s so important that different teams at any sized company speak the same language when it comes to risk management and cybersecurity.
Too many companies are throwing away their money.
One in four companies we surveyed plan to spend all or most of their cybersecurity budget on insurance in case there is a future breach. But just because you buy insurance, that doesn’t guarantee you’ll see a payout.
Just like your home insurance, the insurance company will come and do an audit to ensure you have the appropriate protections. This will affect the size of the check you get from them (or maybe not get a check at all). Net – you can’t just buy insurance for risk management purposes – you must have a strong cyber posture as well.
In a digitized world, silos must be broken down and collaboration must be prioritized.
I believe the idea of cybersecurity being just an IT issue is an outdated and dangerous mindset. You have to bring the cybersecurity people (often in the CIO, CISO or IT organization) together with the risk management people (who are often in completely different organizations like finance).
3. Business benefits
It’s just good for business! By collectively focusing on cybersecurity the right way, you can:
- reduce costs
- improve security
- optimize business capabilities
AT&T Cybersecurity Insights, Vol. 7
Our latest report, "Cybersecurity for today’s digital world," can help you manage cyber risk as you transform your business.
OK, so I’ve sold you on why you have to connect with your colleagues on cybersecurity. But how do you speak their language? I like to use the Good, Bad and Ugly method:
- Good – Start by highlighting a big cybersecurity win for your IT/CSO/CISO organization in the past few months. And be sure to include the business benefit of that big win! (And if you don’t have one internally, look externally!)
- Bad – Then, call out an ongoing issue within the company that your team is currently tackling. This brings home the point that cybersecurity is a 24/7/365 job in a digital world.
- Ugly – Finally, and this is the most important part, you have to be able to tell the story of why this matters. Find a narrative that will hit home with your colleagues. I recommend focusing on headlines from other companies in your industry, or companies of a similar size, that did not take the necessary precautions on the cybersecurity front.
When using the Good, Bad and Ugly method, be sure to keep everything high level, and never assume that your colleagues know technical language. How do I know this method works? I’ve watched the best leaders I’ve known use this approach - and adopted it throughout my career and in my current job.
So – collaboration on the cybersecurity front is important, and we need to involve everyone we work with in the process. What’s next?
I encourage you to check out our AT&T Cybersecurity Insights Vol. 7 report on “Cybersecurity for today’s digital world.” It Includes how to:
- Create the right team and allocate responsibilities
- Take the whole organization with you throughout this journey
- Prepare, pilot and persevere with your cybersecurity program
That’s it for me from Helsinki. So until next time, I’ll leave you by saying “Hyvästi” (goodbye)!