2020 was a year punctuated by risk, and security leaders at many companies found themselves suddenly thrust into the spotlight, taking action to maintain business continuity. As they look ahead, many of these corporate security leaders find themselves with expanded budgets and a stronger mandate to improve business resilience.
The modern risk landscape is more complex today than it’s ever been. Companies need to not only survive change, but thrive in change. Security leaders can lead the charge by adopting the following four crisis leadership behaviors: understand the increasingly complex nature of the risk landscape, adapt playbooks in real time, embrace organizational change management, and develop skills under stress.
Let’s take a closer look at each.
Every company faces a unique surface area of risk, and a fundamental skill for high-performing security leaders is understanding the true size and scope of their organization’s risk.
Risk is global—not only do you need to understand the threat landscapes in every region you’re operating in today, you need to understand the threat landscapes for your supply chains and your business partners. Many of those global risks can be measured, managed and mitigated.
Separately, every company faces universal systemic risks that are far more difficult to plan for, such as climate change, hyperconnectivity, pandemics, economic uncertainty, political instability and cybercrime.
This increasingly complex network of risk will require leaders to identify operational blind spots and take strategic action to close those blind spots.
In the past, security teams identified a list of probable risks and built playbooks to respond to those risks. When a crisis occurred, they dusted off those playbooks and executed a command and control structure to return the business to its status quo. Once the crisis passed, security leaders would order a root cause analysis and implement a change program.
Today, returning to the status quo is no longer good enough. The speed and complexity of change within the modern, globalized business environment means that for anything other than localized, discrete operational glitches, by the time the organization recovers from a crisis, studies the crisis and makes changes, it will be out of sync with the current state of its operating environment.
Security leaders need to continuously advocate for operational evolution in the face of the constantly changing nature of risk. Companies that don’t keep pace with their environments risk rapidly becoming obsolete.
Security leaders need to challenge the status quo and implement rapid and effective organizational change. This requires hard skills, such as situational awareness, and the ability to manage complexity, make decisions under pressure, and communicate effectively. But challenging the status quo also requires behavioral competencies: charisma, strategic thinking, emotional intelligence, adaptability, flexibility and personal resilience.
Modern security leaders who construct a compelling and emotionally engaging vision for the post-crisis future and build organizational support for that vision will emerge as transformational leaders.
Security leaders know just how easy it is to get buried in the many details of a corporate crisis. If they enter a crisis unprepared, they’re more likely to choke under pressure, and focus on unnecessary tasks.
Stressed leaders can also become too focused on their performance—becoming anxious and self-conscious, which can lead to an error-prone, defensive mindset.
The modern security leader needs to develop a range of hard and soft skills, and crucially, the ability to stay calm under pressure. They must adopt the right leadership style, role-model the right behaviors and practice making tough, strategic decisions in a realistic environment to succeed.
Learn more about about why chief security officers (CSO) need to evolve into crisis leaders.
Helen Sutton is Senior Vice President of EMEA & APAC Sales at Dataminr. She has 20 years of experience in enterprise software across multiple industry sectors. Prior to joining Dataminr, she held several sales leadership roles, including those held at Splunk, DocuSign and SAP.