Cybersecurity Is Not Solely about Technical Expertise

I recently read an article that a leading consulting firm launched an internal training academy to develop their consultants’ skills so that they can think both business and technology.

It is a good move, as many organisations recognise the challenges in today’s dynamic work environment, especially when they need to integrate newer and younger employees. These challenges often stem from a lack of mutual understanding of the leader’s needs, expectations, culture, processes, and norms. Vice versa, the employees need clarity on their roles, responsibilities, and performance expectations, especially from the business and management aspects. Most new employees may have insufficient exposure to the organisation’s operations, understanding of the industry needs, and market dynamics that hinder their ability to grasp the organisation’s bigger picture.

What does the above have to do with cybersecurity?
A lack of understanding of the organisation’s business and operational system can lead to risking the business in terms of cybersecurity. We all know that cyberattacks are rampant today. They can lead to operational risk and business disruption without a mitigation plan.

While most organisations have cybersecurity policies, effective cybersecurity is more than just about technical proficiency. It requires a deep understanding of how security breaches can disrupt the entire business ecosystem.

How can organisations mitigate this situation?
To help the cybersecurity practitioner assimilate into the business ecosystem, it is essential first to understand the fundamentals of how each organisation operates. Without this understanding, practitioners might run heedlessly, thus overlooking many critical aspects of cybersecurity and its threat.

To grasp an organisation’s structural operation, consider three standard organisation management models, as Julian Birkinshaw and Jonas Riddertrale described in their book Fast/Forward — Make Your Company Fit for the Future.

In this era, employees must be equipped with a deep understanding of how security breaches can disrupt the entire business ecosystem.

How does the Management Model impact an organisation’s cybersecurity?
It takes an experienced individual to assess the organisational structure and determine the management model. Younger and new employees may struggle to grasp this without sufficient experience. Understanding the organisation management model helps one to comprehend how decisions are made, the processes adhered to, the leadership charters, and how organisational culture shapes employees’ motivation.

For instance, smaller and larger organisations operate differently. Smaller organisations may have a more generalised team with individual employees handling multiple tasks and roles, whilst larger organisations often have specialised roles, allowing employees to focus on specific tasks. Therefore, cybersecurity practitioners and professionals must tailor their strategies to the organisation’s size, management practices, and culture to effectively plan, implement, and manage their cybersecurity governance and controls.

The emphasis of cybersecurity tracks should not be solely on technical specialisation in specific domains alone, but understanding the business ecosystems is fundamentally essential. This will enable practi- tioners to communicate with leaders effectively and stakeholders, make informed decisions, integrate security into business processes without disrupting the operations, and, most importantly, protect the organisational assets.

Elsie Low is a Digital Services and Business Management Practitioner and Consultant. She’s trained and specialises in digital transformation and design thinking strategy. She founded Valuelab Consultancy Services, focusing on navigating organisations through a successful digital transformation journey using her comprehensive approach: lead, think, and govern digital.