Opposites Distract: Successfully Confronting the IT / C-Suite Struggle

For today's business, things have reached critical mass. Not only are we seeing data breaches at every turn, but we're also finding fractured camps at their root—'civil war' within an already raging 'cyber war.' If this sounds familiar, take heart—big problems, both real and perceived, can be worked through and neutralized. It comes down to communication, to going beyond department lines, and focusing on common goals. After all, we're talking about the success not just of a company, but of each and every member.

Hung Up on Tech-nicalities

All too often, an insular approach within departments is the fault line that can lead to large scale rifts. In fact, out of the 24,000+ IT and business professionals surveyed in Tripwire and Ponemon's 2013 study:

• 64% of IT employees either don't communicate security risks with senior executives, or do so only when a serious security risk is uncovered
• 47% say that collaboration between IT and the C-suite is poor, nonexistent or adversarial

Worse still, for those who were proactive in sharing information:

• 61% say that communication occurs at too low a level for it to make an impact
• 59% lament that negative facts are filtered out before news reaches senior executives and the CEO

Obvious problems—So what's the root cause? A majority of respondents say that "the information is too technical to be understood by non-technical management." A 2014 Websense / Ponemon study produced similar sentiments, with 48% of surveyed IT professionals listing executives' "sub-par understanding of security issues" as a major communication killer. This is starting to look like a blame game. So just what is expected of both IT and the C-suite if they hope to prevail?

IT's Personable Business

Let's start by admitting that IT professionals, whatever their position, often feel tragically misunderstood. And at times, worse than that—ignored and under-appreciated. Now, while the communication gap is totally understandable, things don't have to be this way. And thankfully, these "opposites" aren't doomed to forever be at odds; though it will take efforts on both sides of the field. First, let's focus on actionable tips that IT folks can use to break down the divide:

• Do no harm.
  Waiting to disclose critical security pitfalls is not just dangerous, it threatens the company's reputation and bottom line. Early analytics, pinpoint diagnoses and clear explanation can go far to win the C-suite's support.
• Find the baseline.
  Learn what keeps decision makers up at night, and tailor your plea for pumped up security around what matters most—hit home. Help the C-suite to recognize how heavily they rely on the company's technology: e.g. reports, email and client data.
• Drop the fancy talk.
  Jargon and highfalutin techie-speak has no place in a business meeting. Instead, communicate in readily understandable terms—the language of motivation. Demonstrate that you're more than a tech expert, you're a shrewd business professional.
• Get inventive.
  To avoid miscommunication, work with management to create a cross-department cyber "risk language." This technique can be a powerful tool to fight intelligently in today's 'cyber war.'
• Be real.
  Your goal is to motivate listeners to action, so relatability is huge. And by not assuming off-putting airs, you can really get to the heart of the matter, and of your audience.
• Know your 'frenemies'.
  Department heads and managerial staff are NOT your enemies—You're all in this together, remember? True, management and the C-suite will have varied security priorities, so speak to these differences, and groom your team to specialize in cross-departmental learning.
• Make it practical.
  So you have a great persona, and you tell the matter like it is, but when it comes to cost projections and budgeting needs, nebulous talk will undo all the good—and fast. Instead, clearly show how your ideas will affect the company's pockets—both the bottom line, and protection against loss.

It could be easy to be caught up in the "no cost is too much for security" argument. And theoretically, you'd be right. But by putting essential system updates in business terms, you're appealing to the broader needs of the company, and to the baseline of the group that you're hoping will jump on board. That's not selling out, it's actually a really smart move. Because the endgame is the same, regardless of where you sit: Stabilize, secure, and safeguard—from trade secrets and company reputation, to precious client data.

Decision Maker's Mark

Thankfully, timing is prime for both sides to reach out. Media exposés have made us hyperaware of cyber threats, and we're seeing a natural shift among decision makers to view IT maintenance and implementation as an under-tapped source of protection and innovation. And research is bearing this out. A Raytheon / Ponemon survey conducted among IT professionals in various pockets of the globe found growing cyber security awareness among the C-suite to be a "megatrend" for 2015. Reaching through the next three years, "advanced training, more attention from senior leaders and maturing technologies" are positive changes that will effect heightened cyber security readiness. Another happy stat: 64% of surveyed IT leaders see the next three years bringing across-the-board improvements to organizational security. Now that's a feeling to build on. Two birds, one stone, big win for both sides.

So while IT professionals are building bridges to reach middle ground, how can you, as a company decision maker, work toward collective success? Here are some specifics:

• Dig deep.
  Ask yourself: 'Do I really understand the top cyber threats facing my business, and the risks involved? Do I view technology updates as investments in the business?' Honest answers could betray an opportunity to build knowledge.
• Step up.
  Data breach hype has shifted attention and responsibility. This is big time, and as a decision maker, you're sitting squarely in the middle of the fray—so own your role, and take pride in doing it right.
• Be intentional.
  Effective communication is already key to your position, so keep a good thing going and deliberately express your confidence in IT staff. And if you miss the mark? Do damage control. Stay in touch, be aware, and you'll keep the lines open.
• Lead the pack.
  Leading others is what you do. And in this cyber war we're all fighting, it's your examplethat can reshape company culture to be more responsive to IT suggestions and cyber threats.
• Share the load.
  Cyber criminals are hoping—and betting—that communication is compromised, defenses are down. Prove them wrong! Building—and training—an interdepartmental team of representatives to detect and communicate sector-specific cyber risks will raise colleagues to the challenge.

While no one's looking for you to be an IT expert, all eyes will be looking at your attitude toward IT matters. Because like it or not, 'trickle-down' happens. And in the ever shifting tide of cyber responsibility, how you handle company security will make a statement, and set the tone for management and staff. But here's the plus—you're no stranger to responsibility. In fact, you rock it, each and every day. So embrace the fact that your company's reputation and ultimate success have a lot to do with how seriously you take IT suggestions. And allow that reality to educate and inform your decisions.

Re-Viewing Our Focus

Deep breath, we can do this. Because at the end of the day, it isn't about who flexed their muscles more successfully, but how departments came together as a team to combat a common foe. And underneath all the apparent frustration, the truth is that both executives and IT experts are fundamentally interested in what's best for the company.

So whether ours is a business- or tech-centric lens, let's shake things up with a healthy paradigm shift. And as we try to work out our biases and blind spots, we'll come to realize that each others' attempts to better the company are both viable, and valuable. Let's embrace the differences that support a dynamic business, and keep in mind that, while we may be working from different angles, it's all toward the same goal: Protection.