14 July 2022

Why leadership competencies are crucial in cybersecurity

As cybersecurity has reached the top agenda in organizations, it poses a new pressure and challenge on the role of cyber managers. Happening over a short time, many are not yet used, nor trained, to navigate the corporate attention and stakeholders.

Not to underestimate the pressure on their cybersecurity teams.

In this new arena, managing the technical discipline of cybersecurity no longer suffice.

Cybersecurity has become an integral part of the business, and with that they become part of a new corporate language, logic, and landscape of important decision-makers. In addition, cyber managers’ ability to maintain, build and develop teams of extremely focused and diverse specialists has become central to their responsibility as their organizations grow – yet an increasingly difficult task.

Leadership competencies are therefore more than ever becoming crucial for cyber managers’ success in leading both downwards, upwards, and outwards. Here are three good reasons why:

1. Cybersecurity is no longer an one-man army

As cyberteams are growing, people management becomes a central responsibility. Leading a group of high-performing specialists (and introvert personalities) working under pressure to protect against unknown threats, requires present, but also direct and visible, leadership.

The ability to not only build but nurture and develop cyberteams will equally be crucial to retaining key talent as the market for talent is highly competitive. It is a group of people that almost on daily basis receive job offers. Studies also show that culture is climbing the list of CISOs top responsibilities, where they are expected to spend more time on human-related matters, than on tech-related matters.

2. Cybersecurity has reached top management

This has exposed cyber managers to top management and a corporate political arena, which requires strong communication and convincing skills. There are no established frameworks for reporting cybersecurity on the executive level, that require more of the individual ability to convey the message – “a message is only as good as its messenger”.

It is up to the cyber manager to define the KPIs, translating complex and comprehensive information into clear points and business risks. The ability to present and communicate becomes key for the executive board and directors’ understanding.

3. Cybersecurity is a cross-functional discipline

In line with the increased digitalization, cybersecurity becomes an unified part of all business functions –affecting processes and users in all organizational corners and levels, which is why cyber managers now find themselves working with project and change management. This cross-functional discipline requires leadership competencies when engaging stakeholders or external partners, especially considering the lack of direct authority in the process. It becomes necessary to navigate different agendas of stakeholders to obtain the necessary mandate with key decision-makers.

It is an underestimated challenge for cyber managers. Especially since cybersecurity over time has been connected to being costly, limiting, or controlling.

What is the transformational task facing cybersecurity leaders today?

Because cybersecurity is multifaceted and integrated part of the whole business, it goes by saying that so must its leaders. The challenge is that they are not all there yet. Morten Dichmann Hansen, CISO in Copenhagen Airport, points out the need for cyber managers to excel in disciplines that goes beyond their deep professional knowledge:

It is not enough to be competent within the cybersecurity field. Being a cyber leader involves people management to understand the different profiles in your team, budgeting, stakeholder management, navigating the communication towards executives – the importance of these surrounding tasks is not to be underestimated

Morten Dichmann Hansen, CISO CPH Airport

As headhunter and co-founder of the new cyber leadership education CISL, Camilla Treschow Schrøder also sees the real transformation for the cyber manager is moving past this specialist mindset. The pitfall for new managers and managers with specialist backgrounds is ending up in micromanagement. Instead, they need to empower and trust their people to do the job. This transformation is also crucial in communication:

Cyber managers are both enriched and burdened from their specialist knowledge. They need to learn how to convey the essence in order to be impactful – this discipline is one of their greatest challenges

Camilla Treschow Schrøder, Headhunter & Co-founder CISL

The focus on developing communicational skills is also recognized within consulting, where Ebbe Petersen, Director of Cybersecurity & Compliance Consulting in NNIT, highlights the increasing need to bridge cybersecurity with business:

The biggest transformation lies in their ability to select and translate technical information into what it means for the business. The most important thing is to understand your audience. Communication at the management level is about sticking to the facts and getting straight to the point based on balancing the company’s business goals and digitalization strategy, risk profile, existing security budget and willingness to invest – and this is a major challenge for many…

Ebbe Petersen, Director of Cybersecurity & Compliance, NNIT

It is Camilla’s experience that many managers with a consulting background find it easier, or more natural, to step into leadership, as being a good consultant requires strong communicational skills. This is also the reason why the management consultant company Kopenhagen Konsulting plays a central role in the CISL leadership education.