How to use security to change mind-sets across your organization

EY CIO blog - Yoga illustration

Being a CIO today is about so much more than technological know-how. It is about managing change and engaging people in business transformations. For those CIOs to whom such skills might not come as naturally, what they need is a solid starting point for engagement – an issue on which they have expertise and that has a clear relevance to other functions too – and cybersecurity is the obvious answer.


As cybersecurity shifts from being mainly a technology issue to more of a people problem, as highlighted in last week’s post, CIOs need to do more on changing mind-sets within their organization. The reality is that dealing with cybersecurity is a clear example of why today’s CIO needs to have solid change management capabilities as part of their core skill-set. After all, building a more secure business does not rely on technology alone, but in getting people to think and act differently.

This is a big test of a CIO’s change management skills, yet it also presents a fantastic opportunity to reach out across the business and inspire better behaviors. With this in mind, I’ve set out a few brief points on how CIOs can drive a change in mind-set in their business:

  • Understand the new behavior. You may have a good idea of the behavior you wish to instill, but crystallizing this into precisely where old behaviors fell down and the new destination you need to reach is an important starting point.
  • Set the example. There is no better way to lead change than to provide the example yourself. Implementing change within your own function first will be a huge help when it comes to rolling out best practice to the rest of the business.
  • Make it relevant. People respond to change more positively if they understand why it is important in their role. Take the message to other departments directly, and tailor it to their function so you grab their attention.
  • Acknowledge engagement. When change is afoot, it can be all too easy for people to slip back into old habits. Reinforce the message and its importance by recognizing those who are consistently putting the new behaviors into practice.
  • Link in with other projects. In today’s fast-evolving business environment, other areas of your organization will probably be driving similar cultural and mind-set shifts – whether to cope with a new regulatory climate, or in conducting a digital overhaul. If you can find a way to marry your change agenda with others, it will make the process more efficient for everyone.
  • Build new relationships. As I’ve mentioned in previous posts, few CIOs show much of an appetite for networking proactively. So when good opportunities come along to help them achieve this, they have to be taken. Cybersecurity is a fantastic way for CIOs to open the door to new parts of the business. This could include some old faces along with some new ones, such as the CFO (see more here), General Counsel, regulators, payment partners and hackers.

Who else would you recommend talking to? And what steps are you taking to drive a more security-conscious mind-set across your business? Please share your thoughts in the comments section below.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s