Cybersecurity Threat: A Puzzle with Many Pieces

 The threat of cyber-attacks is finally being taken seriously by most organizations of all sizes now, but the key to managing risks isn’t necessarily in having the latest countermeasures or a beefed-up IT staff.

According to a survey by Zurich North American and Advisen released last week (Oct. 27), more organizations are aware of the risk of a cyber-attack, and want to do “something” about the risk, even they don’t really know what that “something” is.

But here’s what really struck me when I read the survey: Nearly all the companies surveyed (97 percent) clearly recognize the importance of collaboration between their risk management and information technology (IT) departments on issues related to cybersecurity.

Erica Davis, head of specialty errors and omissions insurance for Zurich North America, told PropertyCasualty360.com in an interview that “We most often find IT taking the lead on data breach awareness and the general counsel taking the lead on privacy awareness. The trend we are encouraged to see is the increased appreciation of how cyber risk education and response need to be a multi-departmental approach and they have to be embedded into the organization’s culture.”

This is starting to get to the heart of the matter. Effective cybersecurity means having the right people — from all across your organization — in the right roles, which is the foundation of the Belbin Team Roles methodology.

A truly effective cybersecurity operation will use a team with representatives from the IT department, the business operations staff and employees from throughout the organization. And for that team to be most effective, its members must possess a balance of people who have some combination of the Nine Team Roles identified by British researcher Dr. Meredith Belbin: Resource investigators, monitor evaluators, coordinators, plants, shapers, teamworkers, implementers, completer/finishers and specialists.

If your cybersecurity team has too many — or not enough — of these roles, the team will fail, and could leave your company exposed to cyber-attacks that will cost you proprietary information, customer data and, potentially, your organization’s reputation.

Results from another survey published earlier in October, this one by ESG and ISSA, on the “State of Cyber Security Professional Careers,” come to this conclusion: “Internal relationships need work.”

“While many organizations consider the relationship between cyber security, business, and IT teams to be good, it is concerning that 20 percent of cyber security professionals say the relationship between cyber security and IT is fair or poor (surprising given that 78 percent of cyber security professionals got their start in IT) and 27 percent of survey respondents claim the relationship between cyber security and the business is fair or poor. The biggest cyber security/IT relationship issue selected relates to prioritizing tasks between the two groups while the biggest cyber security/business relationship challenge is aligning goals.”

Training employees in the Belbin Team Role mythology gives your employees a language that allows them to appreciate each other’s team contributions, avoid conflicts and meet their goals.

The cybersecurity threat is a puzzle with many pieces. Belbin Team Roles can help those pieces fit together properly.

If you are in Dallas for the ISSA International Conference, I’ll be presenting on Belbin Team Roles in the context of cybersecurity teams on Thursday, Nov. 3, from 2:30 p.m. to 4:15 p.m. in Room Cumberland G at the Hyatt Regency Dallas. #Belbin #ISSAConf