Cybersecurity and strategic goals may seem like an odd couple. How is cybersecurity supposed to help an organization meet its objectives? It may not touch every aspect of a business, but it greatly impacts some key areas, including digital transformation, big data analysis, automation, and technology optimization. Without a strong cybersecurity core, these big-picture goals won’t come to fruition.
All these things (and more) have technology implications, which means cybersecurity has to be at the table to accomplish them. Often, it is not, and even when it is, some people will argue that security gets in the way of innovation. That claim is false, but, unfortunately, it is one that enterprises encounter.
What many people miss is that cybersecurity is a support industry. The definition of the term is the pursuit of protecting data, computers, and networks. It should be an enabler for the company and, in this case, a strategic enabler to accomplish initiatives.
Because of the complexity of the subject and these misconceptions about cybersecurity, this topic is timely and necessary to discuss. We’ll review the how and why and look at some specific industries and the marriage between cybersecurity and strategic goals.
How Can Cybersecurity Support Strategic Goals?
The most critical aspect of cybersecurity supporting strategic goals is alignment. However, the two often happen in a vacuum. Cybersecurity may not be privy to goal setting if the business areas don’t share information or get feedback from cyber leadership.
Cyber teams may also set their own goals without understanding the business perspective. For example, the business needs digital transformation to occur to speed up processes and replace legacy systems. Cybersecurity certainly needs to be part of this discussion. If it isn’t, things can go sideways quickly. The business then puts pressure on your team to do the work, but it hasn’t accounted for lots of things. Your people then become frustrated and angry.
This is not the situation you want playing out in your organization. So, the first step is having a cooperative relationship where all stakeholders get to weigh in on goals. If you can get to this point, cybersecurity can be the support it needs to be.
What Can an Organization Achieve When Cybersecurity Supports Strategic Goals?
Once you have alignment on the goals, cybersecurity becomes an enabler of strategic objectives across the enterprise. Here are some examples of goals you can reach.
Digital transformation is integrating technology into the business to drive operational efficiency and improve processes. The payoff for digital transformation can include greater productivity, fewer errors, revenue generation, and cost reduction. However, digital transformation often brings with it greater cyber risk. In fact, 82% of technical professionals said it was the cause of a data breach.
You can mitigate much of this risk when cybersecurity is a component and priority in digital transformation. With this alignment, your organization can make substantial progress in digitally transforming itself.
Some of the big digital transformation goals that cybersecurity can support include:
- Integrating automation into processes on the back end and front end
- Using AI tools to analyze data for better decision-making
- Aggregating data from multiple systems, including legacy ones
- Streamlining workflows
Another objective is technology optimization, which describes the upgrading and improving of all digital assets and processes. Reaching this goal requires a focus on efficiency, cost reduction, and improved workflows. Your cyber team would typically lead these efforts, but they also must have insight into the business needs for technology.
Upgrading technology because it’s the latest thing may be the mindset of technical folks, but it can have a massive impact on the business and users. So, again, there must be cooperation among all stakeholders. When there is, you can strategically determine what needs to be optimized now and what needs to remain as is.
Now, let’s look at specific industries and how they handle cybersecurity and strategic goals.
Healthcare Strategic Goals and Cybersecurity
The healthcare industry has a host of technology gaps, but there is significant pressure to bridge these because it’s such a target for hackers. Healthcare does fundamentally understand the need for cybersecurity. While awareness is broad, there are still missed opportunities for cybersecurity to support strategic goals.
So, what’s the real problem? It often comes back to people. It’s not that cyber professionals don’t understand the complexity of risk and how it may impact objectives. It’s that they don’t communicate this clearly in a way that the business side understands.
The C-suite, and the company as a whole, need to comprehend fully the “why.” For example, hospitals are now almost mini data centers, with IoT medical devices across the facility and employees using EHRs (electronic health records) and other software to “run” the place.
The strategic business goal could be to add more devices with new applications or migrate legacy data to a new EHR. It sounds simple enough, but it’s very complex due to security and compliance measures. That’s when cybersecurity needs to speak up about what can happen if. The cyber and business teams need to work together and create a specific plan to implement this with security top of mind.
Another example would be goals around incident response and management. On the business side, the objective will always be to eliminate as much downtime as possible. They have concerns for patients and the organization’s reputation. Your team is in charge of incident response and should continue enhancing it with things like penetration tests and monitoring. Cybersecurity must admit to leadership that eliminating all risks is impossible. Then they need to explain how they’re evolving the plan to account for new factors to minimize the threat of downtime.
Manufacturing Strategic Goals and Cybersecurity
Manufacturing has been embracing digital transformation, automation, and data analytics for some time. The business objective often focuses on Industry 4.0. Manufacturers want to collect more data with IoT devices regarding machine performance, quality control, and productivity. This is a vertical that may not always consult cybersecurity.
Creating a digitized manufacturing floor is great for profits, but it dramatically expands the threat landscape. Cybersecurity needs to be architecting these projects. Without a security angle to achieving digital transformation, the risk overshadows success.
Financial Services Strategic Goals and Cybersecurity
As with healthcare, finance must abide by many regulations regarding user data. They are also a big target for hackers. Many large banks have large cybersecurity teams to play defense. For financial institutions to achieve goals, such as improving the user experience for customers and integrating AI tools into databases to identify fraud, they need cybersecurity.
Cybersecurity should work in parallel with developers and others on the business side to design security-first systems that offer the functionality needed. Cyber teams must be diligent in pointing out areas of risk in the moment, not as an afterthought.
We’ve looked at three different industries and the goals they want to achieve. What’s the same for all these? It’s the people and the need for communication, collaboration, and cooperation.
People Are Key to Achieving Goals
The people in cybersecurity are your greatest assets. Sometimes, they can be a weakness too. In each of the examples above, we discussed how cybersecurity must be a support industry and team player to facilitate business goals.
That can’t happen unless your team can communicate risks and opportunities effectively. They can’t posture and tell the business side that they are “wrong” about everything, which would create distrust. Instead, they need to be able to talk about concerns in the frame of the strategic goal and what their plan is. To do this, your people have to be good listeners and use people skills. They also have to work collaboratively and not in a silo.
While these things sound easy, they aren’t. Technical folks often struggle with soft skills. It’s not because of the stereotype that they’re introverts and only think in terms of ones and zeros. Rather, behaviors that they cling to have a lot to do with fear of being wrong or not knowing the answer to a question. They crave to be the smartest person in the room, and it creates a wall between them and the business side.
Breaking down this wall requires a new approach to transforming staff into highly communicative and collaborative people. It won’t happen overnight, and you and your employees must commit to it. It’s about cultivating a culture of honesty and transparency so everyone is on the same page.
So, how do you do it? Realizing that people need guidance here led me to develop the Secure Methodology™.
The Secure Methodology Transforms Cybersecurity into Goal Enablers
The Secure Methodology includes seven steps to transform technical people into better communicators and collaborators. It goes deep into things like motivation, perspective, and mindset. With this framework, you have tools to encourage your team to develop soft skills. The process can take time, but it’s worth the investment if you want cybersecurity to be a goal enabler.