The stakes on that phrase get higher when it comes from a business leader.

They get even higher when it comes from a business leader regarding cybersecurity.

As we move into 2023, I have a New Year’s resolution for you: make this the year that your entire team — leaders and all — get aligned on cybersecurity.

This isn’t about calling leaders out; it’s about calling them in. How to get in alignment? It’s more than keeping messaging consistent. That’s talking the talk. You need to walk the walk.

The Stats Are In, and They’re Not Good

Cybersecurity posture is frequently marked by a massive gulf between what leaders say to do and what they actually do.

An ambitious recent 2023 Cybersecurity Status Report conducted by Ivanti makes a clear case. Highlights, or lowlights, below:

Nearly 9 in 10 leaders surveyed say they are prepared to recognize and report threats like malware and phishing at work; however, they are more likely than other knowledge workers to practice unsafe cybersecurity behaviors. When given the opportunity, more than one-third of leaders clicked on a phishing link — 4x the rate of other office employees. Nearly one in four leaders use easy-to-remember birthdays as part of their passwords. Leaders are more likely to use the same passwords for years and are 5x more likely than other office employees to share their password with people outside the company. A 2022 Microsoft report on digital defense highlights the issue as well citing weak identity control as one of the top contributing factors to weakened security in organizations.

I can’t speak to the why behind these stats, other than to speculate that leaders are forced to be good multitaskers, and with sophisticated spearphishing techniques being deployed by threat actors, being distracted increases the chances of not noticing the elements of the message that aren’t quite right. What is striking about this stat is that the same people increasing vulnerability for their companies are often seen talking about working together to protect the company.

It’s unlikely to be malicious, but it’s extremely dangerous.

What To Do About It

You can’t un-know these stats. Now that you know, you can act. Information is the strongest weapon against vulnerability. To help promote alignment between leaders and their teams when it comes to cybersecurity — or any topic — transparency, training, and communication are key.

It’s critical for leaders — especially those in marketing, comms, and HR — to emphasize the importance of customized training curricula to provide extra layers of protection for the organization.

Modern workplace training doesn’t rely on notices, emails, and pamphlets. It demands guided learning paths and blended environments that combine instructor-led training with recorded sessions, games, and other enriching strategies that promote engagement and information retention.

Why This Matters

Cybersecurity threats are relentless, and evolving every day. Organizations are throwing tremendous amounts of resources at the problem in order to thwart and remediate vulnerabilities — a task that’s increasingly insurmountable in an economic downturn and tough talent market. Meanwhile, the proverbial call is coming from inside the house.

If your leaders aren’t walking the walk — and are creating actual vulnerabilities — you’re never going to be able to get ahead of the problem.

Organizations that have a proven ability to fend off advanced threats have five things in common:

Leadership buy-in: This includes budget support to build stronger defenses as well as automation to pursue proactive strategies. Visibility: High levels of visibility into users, apps and devices. Software supply chain resilience: This is expected to be a major area of investment in 2023. Security in the cloud: The cloud is increasingly emerging as the secure choice. UX for risk reduction: User experience is an integral part of security.

While cybersecurity is top of mind in the wake of this report, generating internal and external alignment on any topic starts with leadership buy-in. Without that understanding and transparency, you’re fighting an uphill battle. Get clear and aligned. And walk the walk.

Leaders must serve as role models, with their actions reflecting the messaging they’re giving out to employees. Ensure that best practices are in place, and then follow those best practices. Only then can you authentically encourage the rest of your team to follow them as well.

Let’s make 2023 about walking the walk.