Security is Communication & Stakeholder Management
Andreas von Grebmer | CISS
I often hear people responsible for security complaining that they are not being heard and that their topics end up with a low priority. On the other hand, leaders have so many topics to take care of that they most likely focus on topics they understand and that they are convinced are important. These observations can be made in SMEs, huge global organizations and startups.
This leads to two generalized conclusions:
- The communication from security experts to business leaders, and their stakeholder management, is not optimal.
- Security does not have the importance it often claims.
I claim that security is marketing, communication and stakeholder management. You compete with other topics like environment, health, talent attraction, diversity etc.
What I see on LinkedIn, for example, is:
- People celebrating their new security role, conference attendance or certifications
- Announcements about breaches and threats
- Security tools and services I must buy or I will die
- New regulations I must take care of and, of course, the related tools and services
- Security conferences, webcasts etc. I must attend
- Private life posts
You rarely see how security really contributed to a business case or how a board was educated.
The same is true if you go to risk or security related conferences. How many business C-Level executives have you ever met there? Most probably not many.
The way forward is:
- Improve your communication with business stakeholders OR accept that they don’t care about security.
- Accept that security is not as important as you might believe. It is one aspect in the entire business.