Image of great leadership instead of analyst firms in a boardroom making cyber security decisions
What Analyst Firms Won’t Tell You: Great Leadership Drives the Best Cyber Security Decisions

What Analyst Firms Won’t Tell You: Great Leadership Drives the Best Cyber Security Decisions

Making educated decisions about cyber security requires high-quality information. Analyst firms are happy to provide information. But is the information they provide genuinely useful? Are they adding value to the conversation?

In this article, we’ll explore the risks of relying too heavily on analyst firms when making key decisions about cyber security.

The challenge, of course, is that you need good information to make intelligent choices. But the problem is figuring out whom to trust. Analyst firms hire people with expertise, but are they telling you want you need to hear?

The best leaders seek input from multiple sources, inside and outside their organizations. They read constantly, ask questions and leverage their professional networks to gain information that informs their decisions.

From my perspective, peer-to-peer networking and industry journals such as CPO are better sources of information for technology executives than analyst firms.

Great leaders gather information from many sources, often stepping out of their comfort zones to find the best sources of reliable information.

I believe the analysts have created an echo chamber. They’ve invented an essentially meaningless argument over which solutions are good, better and best. This is a false argument, based on the obvious fallacy that all business problems can be overcome by technology.

For example, here are four recommendations for improving your cyber security that do not require investing in new technologies, engaging consultants or buying expensive reports from analysts:

  1. Focus on core risks; resist the urge to buy services and solutions you don’t absolutely need.
  2. In many instances, the best cyber defense strategy is physical separation between threats and assets.
  3. Know your enemy and study the landscape. Identify the organizations most likely to attack your cyber assets.
  4. Educate, train, communicate and remind. Send regular companywide emails reinforcing the idea that cyber security is everyone’s responsibility.

Senior level executives know that technology alone cannot deliver success. Most executives will tell you that strategy, culture and execution are more important than technology, and I agree wholeheartedly.

Ultimately, great leadership is the key to success. Technology is important, but leadership is more important.Great leaders know that technology is an enabler, not a substitute for thoughtful strategy, superior execution and a deeply nurturing culture.

In researching my newest book, The CEO of Technology, I discovered bedrock virtues shared by the world’s most successful technology executives. Consistently, the highest performing executives lead, re-imagine, reinvent and enable a culture of genius to create value and drive growth. Let’s unpack those four essential concepts:

  1. Lead — The modern CIO is a leader, an experienced executive with the people skills needed to inspire teamwork, individual initiative, superior execution and loyalty.
  2. Re-imagine –Forward-looking CIOs don’t accept the status quo. They don’t seek the easiest path. They are trailblazers, pioneers and groundbreakers and they are expected by the CEO to identify and execute on opportunities to transform the business. They re-imagine the future and find the right combinations of people, process and technology to convert their vision into reality.
  3. Reinvent – The continually modify, improve and reinvent existing processes, technologies and systems to achieve the strategic goals of their organizations.
  4. Create a Culture of Genius – They nurture and support the people around them and push them to achieve success beyond their wildest dreams. They encourage imaginative work and they reward innovation.

Analyst firms typically downplay the role of great leadership, because it doesn’t fit their narrative that technology can solve all problems. Their faith in technology is understandable, but that doesn’t mean you need to accept it uncritically.

Very large companies can afford to buy similar versions of solutions from two or three vendors. Essentially, they’re hedging their bets.But most firms are limited to buying one solution – and hoping it works. When you’ve only got one shot, you have to make it count.

Does improving your #cybersecurity require investing in new tech, engaging consultants or buying analyst reports?Click to Tweet

Your leadership is an irreplaceable and essential part of the decision-making process. Feel free to listen to the analysts, but remember that making the right decision is your responsibility.


President and CEO at HMG Strategy