The Call for Chief

Security Officers
to Become
Crisis Leaders
Why CSOs are evolving from crisis managers
to crisis leaders
While securing their organizations has always been the role of chief security officers (CSOs) and
their teams, the current ever-evolving threat landscape has thrust CSOs into a new spotlight—one
that requires them to be as much of a crisis leader as they are protector.

Why? Because the COVID-19 pandemic has underscored the need for organizations to build
operational resilience for today and tomorrow. As such, today’s CSOs have expanded mandates
and are more focused on improving business resilience. To ensure their organization can thrive
amid disruption and uncertainty, they must move from managing to leading crises. Here we
explore three ways CSOs can do so effectively.

Delegate and communicate effectively

During high tempo and disruptive events, CSOs must communicate multiple messages—up, down
and across the organization—at pace and often with incomplete or ever-changing information. While
attention must be paid to mitigating the immediate risks, resist the urge to micromanage.

A crisis leader’s superpower is delegation. Learn to delegate to the point of discomfort and then
delegate a bit more. This means also learning to trust and empower your team to make tough
decisions. Help them to do so successfully by first creating a long-term view with a clear link between
the now and what will be. The picture you paint of the future state should be as vivid and whole as
possible, so that your team can see how they as individuals play a role. The more they understand
the why and what, the more likely they are to go on the journey.

Continually reinforce the post-crisis vision and establish principles around what the decision-making
process is. This will make clear what should be prioritized and help the team make decisions in the
right context.

Then communicate that same vision to the broader organization to help prepare for the changes
ahead. The key here is knowing how to refine the volume of data and intelligence and differentiate
between information that is: directional, must be actioned, and requires a decision.

Bring order to information by bucketing it into three categories.

What do I know?

1 Facts are the bedrock of risk and crisis management; you will need to
be as informed and as current as possible. Rely on your human and
technical networks. Technology can help your human analysts to
grapple with the ‘why’ and ‘what’s next.’

What do I need to know?

2
There will be gaps in your knowledge and understanding of any crisis.
Look to your team to identify what those gaps are and determine, as
quickly as possible, how to fill them. The board will also give you critical
information requirements. It’s your job to provide answers, which may
not be readily available without the help of additional resources or
frameworks.

What do I think?

3 Making smart assumptions about what is going to happen next and

assigning a probability are fundamental to any crisis leadership and
planning function. You must be clear in communicating those
assumptions and the data underpinning them.

© Dataminr 2021. PZ092721 01

Practice, practice, practice

Conduct scenario planning exercises that are as realistic as possible. Execute simulations that will
stress test the security and risk management protocols established in your organization.
Oftentimes, the risk triggers will involve time constraints on decision making, a lack of pertinent
information, or conversely, information overload. When an actual crisis occurs, you want your
teams and key partners to have holistic situational awareness and to understand where
information is available, what it means, and how to act on it.

Look to the external environment

There are times when crises seem to appear as if from nowhere, but this is the
exception rather than the rule. Crises often occur because the organization is at odds
with its environment. For example, when an organization fails to keep up with changes
to the regulatory environment. Or when shifts in the market cause the demand for
products and services to drop.

Many security leaders tend to focus inward during these times, but research has shown
that the most effective crisis leaders will place an equal emphasis on the internal and Resiliency reminders
external environments. They understand that they don’t operate in a vacuum. Their
security operations are inextricably tied to both internal organizational partners—legal, Resilient ‘parts’ do not equal enterprise
resilience.
risk and HR—as well as external stakeholders such as customers, regulators, suppliers,
and vendors. For an organization to achieve true
resilience, the entire enterprise—not just
specific functions or lines of business—
Remember that external partners have a vested interest in your success. And the must be resilient. In fact, when only parts
strength of those relationships is a key part of building resilience. Establish those vital of an organization are resilient, they
become more rigid. This makes it difficult
relationships now so that you can lean on and/or influence them during a crisis. for the enterprise to maintain critical
agility when a crisis hits.

Democratize information.

Understand the risk ecosystem COVID-19 showed us the speed at which

disruption can spread, underscoring the
importance of real-time information.
Ensuring that information and insights
High-performing CSOs understand the true size and scope of their organization’s risk gleaned are accessible across the
profile. They understand the threat landscape and how both macro and micro risks— organization is a vital part of a
resilience strategy.
be they global, regional, or local—might affect the business.

Part of that understanding comes from having the right framework and tools in place.
Security leaders can then easily identify and maintain visibility of known risks, emerging
risks, and the first signs of unforeseen issues and crises.

They can implement a well-developed and dynamic security and risk framework—one
with an appropriate, complimentary, and overlapping network of passive and active
monitoring mechanisms. CSOs can also rely on real-time information tools like
Dataminr Pulse, which uses a powerful and innovative AI platform to detect the earliest
signals of high-impact events and emerging risks.

© Dataminr 2021. PZ092721 02

Are you ready? The personal stress test

Being a crisis leader is uncomfortable. It’s called the proverbial hot seat for a reason. But it also
offers an opportunity to demonstrate your grit, skills and expertise. However, if you’re not self-
aware and if you don’t yet know how you will react in times of crisis, it’s difficult to set yourself up
for success. And learning how to stay calm in a stressful environment may prove the most
challenging obstacle to achieving a resilient outcome.

The best way to do that is to put yourself in stressful situations—just as you would test your risk
and security protocols. Practice making tough, strategic decisions in as realistic an environment as
possible. How do you react? What are your weaknesses? Your strengths? There are psychometric
tools that you can use to stress-test yourself; some firms use them for crisis leadership training.
The goal is to understand what happens to you when faced with a crisis.

You’ll also need to master other aspects of effective crisis leadership, which demands a mix of
hard and soft skills such as: maintaining situational awareness; when and how to be directive;
and managing complexity and multidisciplinary teams.

Being an effective crisis leader also calls for defining and honing your leadership style. Here are
three styles that can prove useful in a crisis:

Transformational leadership.

1 Affects change in individuals and social systems. When done right,

the result is valuable and positive change within individuals. The
goal is to develop followers into leaders.

Cognitive leadership.

2 Calls for understanding the environment that you are leading and
then applying whichever leadership style, tool or skill is needed for
the situation.

3
Transactional leadership.
Focuses on the role of supervision, organization, and group
performance. Also known as managerial leadership.

Learn More
Real-time iInformation is crucial for both crisis leadership and management. Learn how
effective CSOs and other security leaders use Dataminr Pulse to make well-informed, rapid,
evidence-based decisions that stabilize organizations and build resilience.

dataminr.com
REQUEST A DEMO

© Dataminr 2021. PZ092721 03