BeyondTrust
3 Powerful Strategies for CISOs to Boost their Organizational Influence

Feb 22, 2021
Author: Phil Zongo
CEO and Cofounder of the Cyber Leadership Institute

In recent years, the CISO role has rapidly been propelled to prominence amongst the C-suite, underpinned by relentless cyber-incursions, intense regulatory scrutiny, and the undeniable correlation between cyber-resilience and long-term business and stock performance. Unfortunately, this rapid shift also continues to expose the soft underbelly of most cyber executives, whose technical competences are ill-suited to drive complex change, overcome deeply entrenched cultural inertia, and navigate powerful political establishments.

Study after study shows that success at the top requires CISOs to influence key power brokers, communicate with impact, and rapidly accelerate transformation. Based on my experiences as a virtual CISO and training cyber leaders from dozens of countries who go through the Cyber Leadership Institute, there are three powerful strategies CISOs can wield to effectively enlist the support of senior stakeholders and the board.

1. Like any other important life endeavor, effective stakeholder management requires extreme prioritization and focus. Simply put, not all stakeholders are created equal. CISOs can leverage the classic stakeholder management framework, which classifies stakeholders into four quadrants based on their organizational influence and vested interest in the cyber transformation agenda. CISOs must spend more time nurturing deeper relationships with the High-Influence / High-Interest group, such as the CEO, CIO, CRO, and the Board of Directors. These vital stakeholders can sustain, derail, or even kill the cyber-transformation agenda. Thus, it's crucial for CISOs to tightly manage these critical stakeholders and keep them highly engaged. The CISO must seek these key stakeholders' perspectives from the outset and build a cyber-resilience strategy tightly pinned to corporate goals. When key stakeholders feel engaged, they will go the extra mile and throw their full weight behind the cyber-transformation program.

2. One of the most potent leadership influencing tools is often hidden in plain sight: the universal principle of reciprocity. According to Robert Cialdini, a globally acclaimed psychologist in the field of influence, "People are obliged to give back to others the form of a behaviour, gift, or service that they have received first." CISOs can get important stakeholders on their side by simply giving more than they take. When CISOs actively support key stakeholders during key decision-making forums, volunteer direct reports to help meet critical deadlines, or simply buy small birthday gifts, those stakeholders are more likely to say “yes” when the CISO requires their support.

3. The CISO role is relatively straightforward: You commit to delivering a set of capabilities within a specified timeframe. You deliver your promises and then inform the Board and the executive team what you have accomplished. But CISOs must actively resist the temptation to rush into execution. Instead, they must acquaint themselves with the lay of the land, technical constraints, and other risks that can derail their mission. Attempting to boil the ocean is a common CISO miscalculation that comes back to bite at breathtaking speed. When the CISO promises a Lamborghini and delivers a Toyota Corolla, their credibility goes flying through the window. Constantly apologizing for missed deadlines and miscalculations projects a tone of indecisiveness and weakness. Credibility is the currency of the CISO; once it flies through the window, it's tough to recover. Equally important, the CISO must resist the urge to sugar-coat risks because long-term credibility depends on the CISO's courage to do what is right, not what is easy.

When done right, influence and persuasion are potent tools for CISOs to gain direct access to the Board, earn a seat at the leadership table, and find deeper meaning in their roles. As Sharmila Devi wrote in the Financial Times, "Leadership is no longer synonymous with management. Leadership has to deal with how to influence and drive performance."

For a deeper exploration of this topic, tune into my on-demand webinar: Rising CISOs: How Cyber Leaders Can Effectively Influence Executives and Boards.

