Contributed by Akanksha Pandey, Gartner for Midsize Enterprises
Business partners often circumvent information security in the name of faster innovation. In response, IT leaders set up mandatory restrictions. But when both sides have valid concerns, improving communication is the most effective way to accommodate conflicting priorities. Unfortunately, midsize enterprises (MSEs) struggle with business engagement, citing ineffectual engagement between business and information security among the top 5 barriers to facilitating digital business growth (2019 Gartner State of Cyber Risk Management Survey).
The good news is that MSEs are better equipped to leverage informal interactions and build business trust in security than larger enterprises with more formal processes. A flatter organizational structure and easy access to business partners actually work to the advantage of a midsize enterprise.
Security leaders can learn from their counterparts in sales. Sales leaders who sense and respond to customer needs, or “sense makers,” see four times greater impact than “tellers” in improving buyer confidence (see Figure 1). Similarly, risk leaders can offer guidance to business partners that motivates adoption of secure practices.
So, what should a security leader do to engage effectively with business and become a sense maker? Here are three simple actions to help security leaders maximize the effectiveness of their interactions.
- Communicate in business language. Cut down on technical jargon to build business partners' interest in and understanding of risk. Progressive information security leaders use informal conversations with business partners to conduct information risk understanding exercises.
- Add context to risk guidance. Provide advice on risks business partners are likely to face. Scenario-based discussions help highlight clear action steps at relevant decision points.
- Adopt an open-door policy. Use informal conversations to help business partners understand how to be secure both within and outside of the work environment, making business partners feel comfortable approaching security with risk-related queries. This helps position security as an advisor on security-related concerns and builds trust in security.
“Helping business partners make secure choices within their personal context helps build trust in security as an advisor.”
-Matthew Baker, Director, Information Security, Mag Mutual
Taking a sense maker approach to communication can significantly improve IT security’s relationship with the business community. Make the most of informal MSE org structures and communications to build trust in security. Helping your business partners relate to more secure behavior will drive them to voluntarily reach out to security, improving engagement overall.