Innovate or Stagnate: Why CSOs Must Embrace an Innovation Mindset

If the last few years have taught business executives anything, it’s that operating in a volatile and disruptive business environment is the norm. Organizations that flex within the waves of disruption go beyond survival: they outperform competitors and create new opportunities for business value and growth. 

The key? Innovation. But how an organization or business leader innovates will determine if the output is a game-changing propellant into the future or the status quo. 

This is particularly true for chief security officers (CSOs) as security teams often fail to innovate because the risk of failure is too high. But the risk of not innovating is even more dangerous—making an innovative mindset a must-have for CSOs.

The innovation mindset paradox

The most effective CSOs understand the importance of an innovation mindset. It fosters creativity, experimentation and continuous learning. And it encourages teams to embrace new technology and look for ways to improve productivity. 

Yet only 22% of corporate security functions have an innovation/R&D line item within their budget, according to The Business Value of Corporate Security report. 

This disconnect can be attributed to what Gartner refers to as an innovation paradox. For example, 64% of non-executive directors on corporate boards claim to be increasing their risk appetite in pursuit of growth. At the same time, only 16% of innovation leaders say their organizations accept a high level of risk with innovation.

Organizations might think they have an innovation mindset, but the reality is many are not comfortable with risk, or they haven’t established an appropriate risk appetite for their business goals.

Build your innovation mindset

As a CSO, you set the tone for the corporate security function and therefore must first look inward before trying to foster a culture of innovation. Do you have an innovation mindset? Do you need to cultivate one? Regardless of the answers, take the time to ensure you understand what an innovation mindset is and how to determine whether or not you are an innovator. 

Start by asking yourself what your view of innovation is. How do you measure it and what resources do you have in place to support it? Then look to external assessments to gain further insights. For example, McKinsey’s test for innovation, which asks a series of eight questions. Here are few to get you started: 

• Do you regard innovation-led growth as critical, and do you have cascaded targets that reflect this? 
• Do you invest in a coherent, time- and risk-balanced portfolio of initiatives with enough resources to win? 
• Do you have differentiated business, market and technology insights that translate into winning value propositions? 
• Are your people motivated, rewarded and organized to innovate repeatedly? 

Once you’ve built your innovation mindset, you can foster innovation within the security function and across the organization in three key ways: embracing new tech, establishing a culture of innovation and creating a process for innovation to occur. 

Embrace new technology

Although today’s CSOs are under increased pressure to improve intelligence capabilities, they and their teams often lag behind when it comes to embracing new technology. But embracing new and emerging technology is an opportunity for leaders to showcase their value to business partners and senior management. 

Think creatively and then make space for that creativity, such as holding brainstorming sessions or providing dedicated “thinking” time. Welcome curiosity and encourage teams to learn about and explore new tech so they are up-to-date on the latest technological advancements. And, allow your team to feel comfortable in suggesting new ways or ideas to apply new technology. 

For example, when looking at improving business continuity, ask your security team to consider what tools would best allow the organization to role play potential outages and test any plans. Imparting the team with the ability to embrace new tech allows members to proffer solutions that might not have been recommended otherwise, such as geolocation tools that help to locate staff in need or virtual travel platforms that facilitate targeted communications in the event of an incident.

Establish an innovative culture 

More than 85% of innovation practitioners report that fear often or always holds back innovation. But only a quarter of organizations understand this fear, and fewer than 11% are doing anything about it.

Innovation can be intimidating. It’s new and challenging, and if the organization doesn’t prioritize inclusivity and openness, it will fail. This includes not getting caught up in a legacy mindset. Nothing derails potential innovation like someone saying, “We have to do it this way because this is how we’ve always done it.”

Establishing an innovative culture can start with small changes like the language the team uses. For example, one organization starts big meetings with a slide that says “It’s easier to edit than to author. Before we iterate, please thank the authors.” Another always hyphenates the word mistakes so that it reads as “mis-takes” to indicate that errors or missteps should be seen as an expected and an important part of the innovation process.

But innovation requires broader strategies as well, such as creating diverse and inclusive teams. “Innovation comes ultimately from a diversity of perspectives,” according to Great Places Work, which defines a culture of innovation as, “one that encourages questions, conversations and new ideas—from everyone.” This includes cultivating diverse interactions, democratizing the innovation generation process and investing in the growth of each team member. 

A critical step is to first determine if the security function, as it currently stands, supports innovation. Reminder: Innovative cultures are, as McKinsey points out, “full of positive energy, creativity, excitement and optimism.”

Develop an innovation process 

All innovation comes with some risk. How much risk you want to take, depends on your risk appetite and tolerance, so be sure to take both into consideration when creating your innovation process. Gartner research on the path to innovation found that, “The most successful innovators take the most risks but also have the most mature innovation processes.” 

True innovator organizations don’t necessarily look for immediate ROI from projects; they often focus on non-financial business priorities like diversity, equity and inclusion (DEI) or sustainability. Yet they know precisely what successful experimentation looks like and how a project moves from an experiment to a proven idea to a scalable business strategy.

These organizations understand that the goal isn’t to make small, short-term incremental monetary gains. That is the hallmark of a less mature innovator. For CSOs, this means tasking their teams to pursue a wide range of projects until they identify one that fundamentally changes the security function and/or all or part of their organization. 

This calls for fostering an understanding of the adage “Fail fast, fail often,” which in an innovative culture actually means fail correctly. For example, if a project fails because it wasn’t evidence-based or the quality of work was poor, it “failed incorrectly.” If a project fails but tests assumptions in the correct order and yields learnings from experiments, it too “failed correctly.”  

When developing innovation processes and parameters, take cues from innovator organizations and consider adopting proven practices such as the aforementioned fail correctly approach or a “no bad ideas” policy. Tip: Make sure you have a healthy dose of patience.

The proliferation of risks today has created an attack surface so large, CSOs are under immense pressure to keep pace and maintain high levels of situational awareness. Those that embrace an Innovation mindset—and actively cultivate innovation within their teams and the broader organization—are better able to problem solve, adapt and pave the way for business growth and resilience.