Ever wondered why there's such a communication gap between the C-Suite and the IT department? Behavioral science has an explanation.
At Virtual Forge, we've spent hours talking about the communication barriers that exist between the IT department and the C-Suite. In fact, you could say it's one of the biggest threats to an organization's IT infrastructure: a lack of understanding of cyber threats, vulnerabilities, and their potential effect on an organization's operations and bottom line can result in insufficient budget and poor prioritization, crippling a company's ability to keep its data safe from hackers.
So, when I came across this article in the Harvard Business Review, I had to share it. Alex Blau, a VP at ideas42, laid out a really great explanation for why many executives underinvest in cybersecurity and what CISOs can do about it. Interestingly enough, most of the reasons are rooted in behavioral science, and understanding why a decision maker thinks a certain way can help the IT department tremendously by giving them a more productive road map to getting the support and budget they need.
Blau also makes a great point that many CEOs view cybersecurity as a risk mitigation tactic, instead of what it really is: risk management. When you begin to understand how behavioral science explains the actions of individuals, you can begin to understand how they view problems and find ways to re-frame those same issues so that both parties are on the same page.
The article finishes up by laying out four ways that CISOs and the IT department can find workarounds for human bias and target the right motivators in order to get the C-Suite more invested in managing the inherent cybersecurity risks that exist within EVERY organization. You can read the full article (along with their great research into the science of why and how executives underinvest in cybersecurity) on the Harvard Business Review website.