Toxic security leaders not only jeopardize the success of their team and increase employee turnover, but they also expose their organizations to heightened risks through their behavior, argues Forrester analyst Budge. “When the team is caught up in mutual blame and internal intrigues, work is left undone. One can certainly argue that a toxic CISO also represents a cyber risk,” she explains.
A significant issue with toxic CISOs is that the root of the problem lies within themselves – a realization that can be difficult to come by. Nicole Turner, founder and expert in workplace culture and leadership coaching, experienced this shortsightedness firsthand during one of her leadership training sessions. “A non-security executive felt that his department heads needed leadership tutoring and booked me for a seminar. As conversations unfolded with his employees, it became clear that this executive was actually a much bigger problem than anything else. The irony of it all,” recalls the consulting agency owner.
Turner also empathizes with CISOs who become blind to their own faults. “It’s true that it can be lonely at the top, especially in a competitive environment. Security leaders have few people to confide in. They are executives and often feel uncomfortable approaching their colleagues with problems. This is often because it’s unclear who can be trusted. They can’t turn to the CEO either – for fear that it might negatively impact their standing,” she explains.
With the pressure of keeping their organizations secure, CISOs may prioritize short-term fixes over long-term strategies. This can lead to a toxic work environment where blame-shifting and power struggles dominate, ultimately hindering progress and leaving vulnerabilities unchecked.
To combat toxic leadership in the cybersecurity realm, organizations must foster a culture of accountability, transparency, and open communication. Establishing clear reporting structures and promoting a supportive environment where employees feel comfortable raising concerns can help mitigate the risks associated with toxic behavior.
Ultimately, addressing toxic security decisions requires a shift in mindset and a commitment to fostering a healthy workplace culture. By recognizing the impact of toxic leadership on both the team and the organization as a whole, CISOs can take steps towards building a more resilient and secure cybersecurity strategy.