Challenges within Cyber Security from a Leadership Perspective

With the global cyber security market size expected to grow from an estimated value of $173.5 billion in 2022 to $266.2 billion by 2027, new challenges and opportunities invariably arise like with any fast- growing digital industry. Some of these challenges are obvious. As companies become more digital, they leave themselves exposed to newer and more dangerous threats. But what about the people who deal with those threats and safeguard organisations? Skills and talent shortages, issues with employee retention, highly skilled technical workers being promoted to leadership roles without the requisite soft skillset or management training. These are just some of the major challenges the cybersecurity industry is facing. Tony Moroney, Programme Director of the Irish Management Institute’s Leading in Cyber Security Programme, discusses the biggest challenges the cyber security industry is facing from a people and leadership perspective, and how to turn these challenges into opportunities.

 

Creating a culture of psychological safety

Cyber security starts with people. This can be a challenge for those within and outside the industry to grasp, but cyber isn’t ‘just’ about technology – it’s how we think about technology. It’s a mindset, one that must be shared from the board and leadership level down throughout an entire organisation. That is why it’s vital for leaders to instil a culture of psychological safety, where employees feel confident to raise their hands and say they don’t understand something or if they feel an instruction is too complex, where everyone understands their specific role in keeping organisations safe and also what support and mechanisms are in place, all of which moves an organisation to become more culturally aware.

 

From a leadership perspective, instilling a culture of psychological safety has a multitude of benefits, such as increased team performance, a greater number of ideas generated and less workplace conflict. Project Aristotle, Google’s study around how to get the best performance from teams, found that psychological safety and the shared belief that a team issafe taking risks is vital for performance, with team members having confidencethe group will not embarrass, ridicule, or reject a member for speaking up. Other studies have shown the higher each team member’s social sensitivity, or empathy, and the more team members participate, the more effectively a team performs. Failure by leaders to establish psychological safety is behind many corporate failures and scandals. Therefore the need to develop leaders with the right people skills to dovetail their technical ability is vital.

 

Talent attraction and retention

An organisation’s most important assets might walk out the door in the evening (figuratively, depending on remote/hybrid working arrangements), but we’re living in a world where it is increasingly difficult to get staff to walk back through the door the next morning. Within the Irish cyber security sector, high-performing employees tend to move on after 2-3years, while 61% of organisations have personnel-related issues and a further 10,000 cyber security workers are needed in Ireland to plug that skills gap. Remote work throws up further challenges, with employees getting further away both from physical interaction and from connecting with their organisation’s purpose, mission and values – which should be a source of inspiration, a driver of performance and a means of retention.

Solving these challenges from a leadership perspective requires leaders with a different skill set, ones based around an awareness oftheir own leadership style, an ability to become an effective communicator, growthin their emotional intelligence and the skill to cultivate engagement and wellbeing. These learnt skills will drive retention and help deliver desired business outcomes.

 

Translation

There’s an old joke that great golfers don’t make great golf coaches. The same is true within cyber security. Due to talent and skills shortages resulting from the exponential growth of the industry, often times highly skilled technical folk are put into management and leadership positions before they have developed the soft skills required for a management role. Quite often, technical people speak a language no one else within the organisation understands, but they also struggle to understand business language and how to frame and discuss technical issues within a wider business context.

The big challenge is to marry and translate cyber and general business issues, so everyone is talking about the same things with aview to the same goal, which is making the organisation successful, competitive, relevant and safe.

Traditionally, those with the most knowledge were at the top of organisations, something which is no longer true today – being able to orchestrate the spread of knowledge within an organisation in order to drive business growth is far more important. Business leaders don’t need to understand all the details, but they need to understand from a business risk perspective how best to manage their people to improve performance, along with understanding the potential ramifications, risks, and impact on customers and other stakeholders.

For the Cyber Industry to meet its growth targets it’s vital to instil a dynamic, agile and flexible mindset into your team while navigating a world that is hyper-connected, hyper-disrupted, and where today’s business models may not be relevant tomorrow.

But here lies opportunity: those who get it right - who create a culture of psychological safety that permeates throughout their organisations, which attract and retain and value employees, and translate cyber security issues into a wider business context – will be in a more trusted space from a consumer perspective, and therefore win more business, thus turning cyber security from the prevention of the negative into the positive of competitive advantage.

Tony Moroney is in the world’s top 360 Thinkers on Digital Disruption. He directs the Irish Management Institute’s Leading in Cyber Security programme (commencing January 2023) and Diploma in Digital Leadership. Tony has worked across the Cyber Security and Financial Services sector. He is a leading advisor for several Boards and C-level clients in the UK, Europe, the USA, Latin America and the Caribbean on strategy, digital transformation and leadership in a technical operating environment. For further information about the Leading in Cyber Security programme, please contact: [email protected]