Toxic security leaders not only jeopardize the success of their teams and increase employee turnover, but they also expose their organizations to heightened risks through their behavior, according to Forrester analyst Budge. “When the team is preoccupied with blame and internal intrigues, work is left undone. It can be argued that a toxic CISO also poses a cybersecurity risk,” she stated.
One significant issue with toxic CISOs is that they themselves are the core problem – a realization that is often difficult to come to terms with. Nicole Turner, founder and expert in workplace culture and leadership coaching, witnessed this shortsightedness firsthand during one of her leadership training sessions: “A non-security executive felt that his department heads needed some leadership coaching and booked me for a seminar. As the conversations unfolded, it became apparent that this executive was actually a much larger problem than anything else. The irony of it all…,” recalled the owner of a consulting agency.
She also empathizes with CISOs who turn a blind eye to their own mistakes: “It’s true that it’s lonely at the top – especially in a competitive environment. Security leaders can hardly confide in anyone. They are executives and often do not feel comfortable approaching their colleagues with problems. This is partly because it is unclear whom they can trust. They cannot turn to the CEO either – for fear that it could have a negative impact on their standing.”
In conclusion, it is crucial for organizations to address toxic security decision-makers and promote a healthy work environment. By recognizing the impact of toxic behavior on teams and the overall cybersecurity posture of the organization, steps can be taken to mitigate risks and foster a culture of collaboration and trust within the security leadership. Ultimately, creating a supportive and positive workplace environment is essential for long-term success and resilience in the face of evolving cybersecurity threats.