10 reasons why today’s cyber leaders are tomorrow’s world leaders

Author: Francesca Bosco, Project Lead, Cyber-Resilience, Centre for Cybersecurity, World Economic Forum & Rebekah Lewis, Project Lead, Governance and Policy, Centre for Cybersecurity, World Economic Forum

Throughout the world, unprecedented levels of innovation, interdependence and change call for strong and ethical leadership. In this promising yet volatile context, a leadership vacuum poses a real threat to global stability and prosperity. Can we look to non-traditional sources for the kind of leadership needed to deliver on both the potential and the challenges of our time?

Professionals in the field of cybersecurity develop many of the leadership traits needed in the broader global context. Considering the speed of digital evolution and its impact on global transformation, emerging cyber leaders are among the most likely candidates to fill the growing global leadership gap.

Responsible cyber leaders possess many of the transversal core competencies required for global leadership, including:

1. Extensive knowledge and a broad skills base

Strong leadership in cybersecurity requires a broad knowledge base and diverse skill sets. Senior executives responsible for cybersecurity must understand both the internal workings of their enterprise — its assets, processes, business objectives, risk management strategy — and external factors, including bilateral and multilateral relationships, regional and global systems, and world events. All these may have direct, indirect or ripple effects on their organization’s cybersecurity posture.

This is in addition to the large number of professional skills in which they have demonstrated proficiency, from data-driven analytics to people management. Beyond these, the ability to maintain and strategically leverage a broad and diverse set of knowledge and skills is critical to leadership on a global level.

The nature of cybersecurity forges leaders with a forward-looking, anticipatory mindset and openness to new trends and technologies. With the accelerating pace of technological change and the consequent interconnectedness of society, skillful management of near-term risks and opportunities are vital to maintaining a strong cybersecurity posture, whether defending against a particular variant of ransomware or implementing best practices in third-party vendor management.

Robust cybersecurity leadership also calls for savvy anticipation of the potential impact of larger developments, such as artificial intelligence, quantum computing or the growing tensions between data localization laws, as well as of unexpected and sudden changes, such as the dissolution of a strategic partner company, a natural disaster or the propagation of a global cyber attack.

In the cyber field, knowledge and understanding are important, but they are not solely enough to lead. The ability to differentiate pertinent, actionable information from background noise is essential. Like leaders on the world stage, cyber leaders are constantly inundated with a high volume of diverse inputs, from external and internal sources alike.

They need sharp acumen in distinguishing inaccurate or even fake information from that which is relevant and real, and provides a sound basis for decision-making. Successful leadership in both cyberspace and on the world stage must be quick to understand the contextual nature of continuous information, clearly distinguishing the valuable from the extraneous, the authentic from the fake, the urgent from the latent and the high-impact from the low-grade.

4. Capacity to identify cross-cutting strategic issues

Cyber leaders need to be astute at identifying common themes and pursuing important questions and gaps across vast quantities of information. A cyber leader, for example, must be capable of assessing and managing an organization’s security posture based on numerous elements — statistics, reports, briefings and discussion. Assessing these, they must build and continuously adapt their strategy for maintaining and improving the organization’s security posture, as measured across numerous vectors. Beyond their immediate objectives however, cyber leaders must also extrapolate from those inputs larger themes that can inform more strategic findings and recommendations for future progress, highlighting challenges. For example: Do issues impacting cybersecurity, such as poor asset management, indicate broader management deficiencies that represent strategic, enterprise-level areas for improvement? Is the organization’s inability to enforce third-party security requirements symptomatic of larger issues related to its market leadership?

Effective, efficient and agile cybersecurity requires a unique kind of persistent curiosity and thinking to evaluate information in the context of larger themes and strategy.

Cyber leaders must act effectively, responsibly, decisively and quickly in times of crisis. Cyber incidents vary in scale and kind, can occur at any time. And no matter how extensive the preparation for mitigation, there are always unknowns. Managing a crisis typically requires balancing competing interests, relying on incomplete and evolving information, and proceeding with response despite ongoing damage and degradation.

In a cyber crisis, most often under immense time and other pressures, cyber leaders must be able to evaluate information quickly based on its source, reliability, accuracy and relevance; identify and evaluate alternative (potentially unconventional) courses of action; and make impartial, optimal decisions, unaffected by individual or segmented interests.

6. Sound ethics and integrity

The complexity and expansive scope of cyberspace challenges leaders with diverse and unprecedented ethical dilemmas that can have highly tangible and, increasingly, physical implications. In addition, the sensitive nature of cybersecurity issues means that decisions in this space are often based on classified, confidential or proprietary information that cannot be shared widely. Responsible cyber leaders must possess a solid internal compass and the fortitude to make difficult, potentially unpopular decisions.

Strength of character is also required to pursue ethical paths in the face of potential short-term reputational harm (either to the individual or the organization) and pushback from other stakeholders. Moreover, cyber leaders must have the experience and judgement to make difficult decisions in a closed-circuit environment, where confidentiality requirements may limit their ability to confer fully with mentors and external communities when making critical decisions.

7. Balancing details and the big picture

Organizations are increasingly recognizing cybersecurity as a separate and distinct function in their structure, requiring both dedicated full-time employees and a clearly designated, accountable senior executive. The nature of cybersecurity however, concerns wide-ranging responsibilities and touch points (e.g. finance, operations, legal, human resources, insurance, physical security and vendor management) not limited to specific or “traditional” cyber-related functions such as information technology alone. In this potentially boundless portfolio, effective cyber leaders must be able to distinguish between areas in which they need to possess only surface-level awareness, develop a conversant level of knowledge, or delve to deeper levels of nuance and complexity.

To differentiate these knowledge levels effectively, leaders must be skilled in obtaining the right information and understanding how to build and leverage relationships with relevant teams, both internal and external. Since they cannot be experts on the entire broad spectrum of potential issues impacting their responsibilities, cyber leaders must constantly adapt relationships and hone their ability to zoom in or out from details to big picture on a case-by-case basis.

Cyber leaders cannot achieve their goals alone. They must know how to delegate specific tasks and, in some cases, authority, to achieve larger goals and foster team growth and development. Cyber leaders, like world leaders, must know how to allocate and distribute team responsibilities and accountability equitably, as well as evaluate team goals and output. On the other hand, both cyber and world leaders need to identify and prioritize aspects of their leadership role that cannot be delegated, such as developing relationships, performance management, strategic thinking and decision-making.

9. Consensus building and decision-making

Cybersecurity leaders regularly work in complex circumstances involving different types of professionals, in a range of specialized areas such as legal, marketing, communication and information technology. Within an organization or ecosystem, cybersecurity cannot be solved by any single actor; all entities are involved. Effective cyber leaders must be able to adapt and modulate their language and approach to various audiences and registers in order to facilitate a common understanding of complex and difficult situations, and build consensus around specific courses of action.

Like world leaders who must communicate with and between diverse groups, cyber leaders must recognize instances where specific terms or entire narratives may be a source of confusion or divergent understanding. They must serve as a translator for different stakeholder profiles to set the stage for more efficient and effective decision-making. In such a context, cyber leaders must also rely on persuasion and negotiation, often in particularly challenging environments (for example, in relation to crisis management). Successful cyber leaders must frequently build, develop and extensively practice these translating and negotiating skills, which are also fundamental for leadership on the global stage.

10. Maximizing workforce potential

Cyber leaders must stay in front of a rapid and exponentially changing technological landscape that brings both significant opportunities and vulnerabilities. To do so, they need to prioritize hiring a highly skilled workforce, improve talent retention and facilitate efficient re-skilling. To find and retain the very best talent, cyber leaders must implement policies that create more performance-based, diverse and inclusive work environments, including by implementing merit-based evaluation and reward systems based on accountability and transparency.

In other words, effective cyber leadership demands a renewed focus on meritocracy, diversity and inclusion in the cybersecurity environment. Similarly, to attract and retain the best teams, world leaders must assess diverse talent pools with multifaceted skill sets (both technical and human), venturing beyond traditional career paths for well-defined professions, and establish solid merit-based mechanisms to cultivate and promote a high-performing workforce.

Today’s cyber leaders are not only well-equipped to lead on a global scale, navigating extremely complex situations, and employing hard and soft skills to create more resilient and secure societies in terms of processes, technology and people. They can also provide much-needed inspiration for what new world leadership could and should be.

Originally published at http://europeansting.com on July 3, 2019.