Top 5 solutions to reduce ‘cyber friction’

The biggest problem areas and solutions to reduce friction between cybersecurity, privacy and legal teams.

1 2 Page 2
Page 2 of 2

Steve Snyder shared that there can be a “lack of attention to the problem due to lack of resources coupled with clear understanding of the problem. Typically, at small and medium sized businesses, IT is heavily utilized, probably understaffed on just supporting operations. They implement the solutions and practices but have no time to document or communicate them with anyone. The rest of the company is in the dark on the info sec side because it is not an operational issue that is in front of them all the time. I’ve seen this problem solved primarily by having a rigorous review, again, most often by a third party. By forcing an assessment, it forces the business to stop and take stock of what’s going on and gets people to focus on the issue instead of just looking at what directly drives the bottom line.”  

Recommendation: Companies must invest in their processes, clarity of ownership (RACIs) and adequate staffing to cover the breadth of responsibility. Cutting corners on any of these three will ultimately result in friction, slowness and worse: increased risk to the company.

Problem 5: Ego

Leaders with too much/unchecked ego tend to make decisions focus on the short-term initiatives/gains or self-promotion rather than long term planning or sustainably reducing risk.

Analysis: Security, privacy and law are all domains that require a significant motivational fit to be successful. Ego can spur motives that do not serve a company well in the long run. Much of my discussion with my contributors circled back to a conflict of personality, largely tied to ego. Ego problems can exist in any function and play out in a number of ways that block progress.

A senior privacy leader in the airline industry shared that leaders with too much ego and the wrong motivations/incentives tend to lack the ability to create and drive enterprise strategy and sustainable operations. Their decision-making process tends to focus on the short-term initiatives/gains rather than long term planning and benefit.

Ego problems are difficult to “cure,” especially when leaders are more senior in the company or have a low EQ (emotional quotient) coupled with a high IQ (intellectual quotient). Big egos tent to lose trust, while personal trust and transparency are critical to a healthy partnership between functions.

Recommendation: Know the players involved and understand their motives. My Six Sigma training and certification included a process called political mapping. It involves diagramming an organization’s key leaders, levels of influence or conflict and dynamics amongst the teams. It enables you to create an informed stakeholder management and communications plan to maximize your chances of successfully moving an initiative forward. I’ve carried this tool (and many others) into my regular toolkit. You may not be able to change leaders, but you can attempt to manage them.

Time is money

No company has time for friction in cybersecurity and privacy. The stakes are too high and customer trust is on the line. The intentions and motivations across cybersecurity, privacy and legal stakeholders are likely coming from a good place. However, communications, understanding, tactics, process and ego can cause significant friction for everyone involved. When this happens, no one wins – especially the company and its customers.

Companies that take a little time upfront to invest in minimizing friction will see their speed increase significantly. If you have experienced challenges and need some “graphite” in your pocket to go faster toward your goal, remember these five things.

  1. Focus on building partnerships
  2. Enhance understanding of technology, use and controls to prevent misuse
  3. Find the right balance between operational goals vs compliance/documentation needs
  4. Drive towards defined, efficient and continuously improving processes
  5. Check egos: manage your stakeholders

Lastly, finding resources that have experience across security, privacy and legal can help you accelerate your efforts to reduce friction. Just like one dad asking another for graphite to reduce friction just before the race, it is never too late!

This article is published as part of the IDG Contributor Network. Want to Join?

1 2 Page 2
Page 2 of 2
Get the best of CSO ... delivered. Sign up for our FREE email newsletters!