Contributed by Akanksha Pandey, Gartner for Midsize Enterprises
Business partners often circumvent information security in the name of faster innovation. In response, IT leaders set up mandatory restrictions. But when both sides have valid concerns, improving communication is the most effective way to accommodate conflicting priorities. Unfortunately, midsize enterprises (MSEs) struggle with business engagement, citing ineffectual engagement between business and information security among the top 5 barriers to facilitating digital business growth (2019 Gartner State of Cyber Risk Management Survey).
The good news is that MSEs are better equipped to leverage informal interactions and build business trust in security than larger enterprises with more formal processes. A flatter organizational structure and easy access to business partners work to the advantage of a midsize enterprise.
Security leaders can learn from their counterparts in sales. Sales leaders who sense and respond to customer needs, or “sense makers,” see four times greater impact than “tellers” in improving buyer confidence (see Figure 1). Similarly, risk leaders can offer guidance to business partners that motivates adoption of secure practices.
So, what should a security leader do to engage effectively with business and become a sense maker? Here are three simple actions to help security leaders maximize the effectiveness of their interactions.
- Communicate in business language. Cut down technical jargon to build business partner interest and understanding of risk. Progressive information security leaders use informal conversations with business partners to conduct information risk understanding exercises.
- Add context to risk guidance. Provide advice on risks business partners are likely to face. Scenario-based discussions help highlight clear action steps at relevant decision points.
- Adopt an open-door policy. Use informal conversations to help business partners understand how to be secure both within and outside of the work environment, so that they feel comfortable approaching security with risk-related queries. This helps position security as an advisor on security-related concerns and builds trust in security.
Taking a sense maker approach to communication can significantly improve IT security’s relationship with the business community. Make the most of informal MSE org structures and communications to build trust in security. Helping your business partners relate to more secure behavior will drive them to voluntarily reach out to security, improving engagement overall.