Create a CX-First Culture for Executives

Steps security and risk leaders can take now to create a better customer experience for executive business partners.

Experiences shape the way we feel and act. This is why Amazon put customer ease above potential customer data risks when it patented its 1-Click purchase feature. And why the Ritz-Carlton offers highly-personalized service. They know the value of customer experience and have made it central to their business model. It’s time for security and risk leaders to do the same.

If you can improve their comfort and understanding of risk and security, you can help your company move faster

“Today, the battleground for the digital industrial revolution is the customer experience,” said Leigh McMullen, research vice president at Gartner, during the 2018 Gartner Security and Risk Management Summit in National Harbor, MD. “Security should not wreck the customer experience, but it often does.”

He added that, for security and risk leaders, the customer is anyone in their enterprise. Long focused on operational excellence, such leaders must now work to create an effortless customer experience for their business executives. This can mean giving up control, which leads to the nexus of a culture clash.

Rethink the Security & Risk Strategy

Why leaders must embrace modern cybersecurity practices

Download eBook

“Your customers want the effort they put in to match the value they expect to get. If you deliver the wrong experience, they’ll just tune you out,” explained co-presenter Paul Proctor, vice president and distinguished analyst at Gartner. “If you can improve their comfort and understanding of risk and security, you can help your company move faster. That is truly a business value of security.”

McMullen and Proctor identified five things security and risk leaders can do now to create a better experience for their executives.

No. 1: Actually speak to executives about things that matter to them

Talk to business leaders about what’s important to them. Don’t assume you know. Remember, it’s about what they think matters. Ask the question: “What types of decisions do you make every day.” The answer can provide lots of insights. Show them how their business outcomes are directly dependent on technology.

No. 2: Help executives with their decisions through operationally-focused risk assessments

Start with a business process and conduct interviews with the people who execute that process. “Offering executives decision-making in the context of operational outcomes makes these engagements more than interesting to them. It directly impacts the decisions they make,” Proctor said. “You are now helping them do their job.”

No. 3: Create defensibility for your executives

Executives do not directly control technology security and risk. But when things go wrong, they are usually held accountable. They need defensibility. “We have treated security like a dark art for so long that when an organization gets hacked, people don’t understand,” McMullen said. “You can’t guarantee the organization won’t get hacked, so stop selling your executives protection, and start selling something they truly need, defensibility.”

No. 4: Take tech out of your conversations

Your ability to put decisions in terms of business outcomes is critical to your success in a modern risk-based world. Don’t talk about security and risk in only technology terms. Although tech will always be a part of the conversation, your partners need to understand what you’re saying. “Making risk and security more transparent and business-aligned is an absolute requirement,” said Proctor.

No. 5: Move from project to product management

Use product management to change the experience you deliver. Unlike project management, everything is continuous and typically organized around a business process and the IT requirements to support that process.

“Doing these five things will improve executive experience, their perceived value, and result in a better, more appropriately protected organization,” said McMullen.

More information on security and risk management is available in the Gartner Special Report “The Resilience Premium of Digital Business: A Gartner Trend Insight Report.” This collection of research focuses on how committing to resilience will equip a digital business with the mindset, resources and planning to recover from inevitable disruptions.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Five Board Questions That Security and Risk Leaders Must Be Prepared to Answer

As board members realize how critical security and risk management is, they are asking leaders more complex and nuanced questions. This research helps security and risk management leaders decipher five categories of questions they must be prepared to answer at any board or executive meeting.

Read Free Gartner Research


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching