If you hold a management role in the cybersecurity area, the chances are high that you read about the leaders' role in cybersecurity and the top-down support approaches. We often read why and what leaders should do and less how to achieve it. In this blog, we want to address four steps that help you increase business leaders' engagement.
As you have a list of cybersecurity priorities, they have their own priorities but are far less related to cybersecurity. One of the essential steps to increase their engagement is to educate them about cybersecurity. Sharing cybersecurity-related articles from business magazines is an easy way to start. Often such articles balance technical and business content, and people with less technical background can consume it easily. This approach also removes the sense of urgency or proof of completion like awareness training. When you follow this approach, don't overwhelm them and look for articles with cases close to your organization. This approach also helps you to follow up on questions if leaders raise any.
Find the right person.
While almost all leaders understand the importance of cybersecurity, not all of them equally think about it. Therefore, you need to find leaders willing to help you drive the cybersecurity topic forward within the leadership group. With their help, you can understand ways to gain other leaders' attention and increase their cybersecurity awareness. Depending on the organization's leadership structure, CIO, CTO, or COO may be the right person to start. Some leaders can surprise you with their willingness or knowledge in the cybersecurity area.
Another essential point is to understand how leaders consume the information. Some like to read the executive summary and have a short live conversation, and others want to read a detailed report. Identify who can help you and how you can help them to engage better.
Keep cybersecurity on the agenda.
The following crucial action is to keep the cybersecurity topic on the leadership meeting agenda. Achieving this is relatively easy if you are a member of the leadership meeting. Ask for a short time slot for the cybersecurity updates. If you are not a member of the leadership meeting, ask people you identified in the above step to invite you to update the leadership team. If the latter, you can be invited to the leadership meeting at a specific time. Once you have cybersecurity in the leadership meeting, you have to update them most effectively. To deliver information effectively, ensure the content is short and specific to the topic with little or no technical information. Often, business leaders are keen to see the progress, whether positive or negative, and action plan.
Acting as a role model.
When you gain good progress with leaders' education and more trust, the next step is to help them demonstrate their commitment to the cybersecurity program. Every organization's leader sends a monthly or quarterly newsletter to all staff. Use a newsletter to address common or frequent issues related to cybersecurity or to increase employee awareness. By adding a cybersecurity topic to leadership newsletters, you help leaders to represent their involvement in the organization's cybersecurity program and raise employee awareness. You also can use such communications media as evidence of the leadership engagement during the audits.
Another practical approach is using leadership newsletters to share the information. Find the team who works on the newsletter and work with them to add cybersecurity topics.
In the end, cybersecurity is everyone's responsibility, but educating others, so they understand their role and responsibilities is a cybersecurity leader's responsibility.