Gartner recently released a fantastic keynote about managing cybersecurity and it resonated with the work we do to lead change successfully:
1. Resistance is like Ransomware: There is ALWAYS risk of an attack.
Part of my consulting work involves teaching salespeople how to sell more effectively. In the technology industry, I coach them to never say they can eliminate risk. The best we can do is mitigate the risk.
Equally, during change, there is always risk of resistance. And while all of our planning and actions are aimed at reducing resistance, we never fully eliminate it. There will always be some percentage of the population that are naysayers or fearful about the future. As Tim Ferris said, “Expect it and treat it as math.”
2. Resilience comes through intention, not adrenaline.
I love this line and plan to quote it often.
Effective change cannot require superhuman people running from one emergency to the next when the pace of change (and cyberattacks) is increasing dramatically. Project bouncing is not sustainable when so many IT and change people are experiencing burnout.
Resilience requires forward planning, which brings us to…
3. We need Prevention, Response, and Recovery.
Cybersecurity leaders aim for zero tolerance for failure. Prevention at all costs. Not only is that unrealistic, it’s a demotivating mindset. The attacks will come, and some will be successful. In change, history demonstrates that some projects will fail.
Prevention is important. We use proven change approaches to prevent failures. That’s good. But Response and Recovery are even more important!
Because our environment changes so rapidly, prevention is less important than our speed of adaptation. Organizations that are successful at leading change are constantly sensing and responding to whatever is thrown their way. As much as possible, they predict where the next wave of change is coming from, and they work to equip their team members to adapt with speed.
No organization can fully prevent a cyberattack. No organization can slow down the pace of change, prevent resistance, or avoid every failure. Maximizing our response capability – our resilience – is key.
Thoughtfully yours,
Jeff Skipper