A silo mentality is defined by the Business Dictionary as “a mind-set present in some companies when certain departments or sectors do not wish to share information with others in the same company.”
Although cybersecurity attacks and data breaches have become one of the biggest threats to businesses over the past several years, because cybersecurity is a relatively complex topic and a part of business that isn't directly tied to generating revenue, there’s often a disconnect between the boardroom and the IT room, resulting in cybersecurity silos.
Why do Cybersecurity Silos exist?
Because of the unique role we play at CyberMaxx, we often get an inside look at the disconnect between leaders at the board level and those doing security—and it goes both ways.
Typically, IT professionals who are responsible for day-to-day security and data management are so focused on technology that they sometimes miss the broader business initiatives an organization is trying to achieve. At the same time, leaders at the board level rarely have an understanding of the challenges and issues that are required for protecting against cyber threats.
As a result, many businesses end up developing cybersecurity silos between their boards and those responsible for managing the security systems. So, what can we do to start mending the disconnect between board directors and security teams? Here are a few basic principles that can help.
What can teams do to break down the Cybersecurity Silos?
Breaking down cybersecurity silos isn’t always easy. However, for those managing day-to-day cybersecurity tasks and resources, it’s important to help connect what you’re doing to the larger business objectives that senior-level leaders and board directors care about.
Rather than focusing solely on technology and data management best practices, identify the KPIs (key performance indicators) that communicate how the company's cybersecurity function is performing. By providing board directors with metrics that matter most and showing progress in those areas over time, you’ll make significant strides in making the case for the important work you’re doing and the resources you need to do it.
What can board leaders do to break down the Cybersecurity Silos?
As cyber threats continue to rise, senior-level leaders and board directors should begin to educate themselves about the challenges and risks of cybersecurity and try to breakdown cybersecurity silos.
While you don’t need an in-depth knowledge of all the ins and outs, understanding how to manage cyber risks from the boardroom to the cybersecurity team is essential. Aileen Alexander’s talk on Managing Cyber-risk: Unlocking the Boardroom gives great insight into how to break down cybersecurity silos.
Take time to develop processes that support data security in the same way you would map any other business risk. Many boards are making this a priority during their meetings, adding it as its own agenda item two to three times per year.
At the end of the day, it’s important for the boardroom and security team to work together at protecting the bottom line. Cybersecurity is a risk management priority, which is one of the primary roles a board plays for any business.
Another approach is to partner with a managed security service provider who can serve as an extension of your team. MSSPs are well-versed in efficiently and effectively managing communication between executive leadership and security leaders -- plus, they can provide all of the reporting and data needed to prove the value (and criticality) of the role cybersecurity plays in business.