Empathy - Christian EspinosaEmpathy in the professional world isn’t a new concept, but its adoption is lagging. Look no further than the Great Resignation as proof that how companies treat people must change. Many people have readjusted their beliefs about work and life in the past few years, so empathy’s importance is greater than ever and has a pivotal role to play in cybersecurity.

Empathy is a key component in winning the cybersecurity war. As such, it’s the sixth step in the Secure Methodology, which is a guide of seven steps that helps cyber leaders transform their employees into high-functioning communicators and collaborators. It builds on the five preceding steps: awarenessmindsetacknowledgmentcommunication, and monotasking.

Let’s dive into empathy and why it’s a critical aspect of cybersecurity.

Empathy Is Hard to Find These Days

While empathy is critically absent in many technical folks, the rest of the world isn’t demonstrating it much, either. It doesn’t mean that people are naturally unkind; instead, their concept of doing things to support others and the greater good gets canceled by their focus on differences.

It’s easy to ground a worldview in differences and an us-versus-them mentality. If we don’t feel personally impacted by something, we’re glad to look the other way. If “others” are different, then many of us can feel it’s none of our concern.

Except, at the end of the day, we have so much more in common. First, we’re all humans and face many of the same challenges. There’s a microcosm of this happening in your cyber team, especially in their beliefs about others. They typically see nontechnical roles as “others” who could never understand what they do, which creates a wall for communication and collaboration.

Everyone will always have specific roles, but when they become the foundation of how you react to others, it’s not serving anyone. For example, saying, “Oh, he’s a salesperson and can’t understand security risk,” means someone’s already discounting them and looking at them like a caricature.

This initial premise creates an empathy void, which has consequences for cybersecurity.

The Impact of the Absence of Empathy on Cybersecurity

So, how does a lack of empathy affect cybersecurity? It can cause a lot of problems, which can have a devastating impact on risk.

Technical Folks Can Be Intellectual Bullies

Bullying in the workplace is just as common as in the schoolyard. When people cannot see the perspective of others, they tend to act condescending and be defensive in every conversation. They use their intellect to belittle others, which fosters distrust and resentment. Unfortunately, bullying is often part of cybersecurity culture and goes unchecked.

Ego Cripples Empathy

These bullies often only have concerns for themselves. They have a narrow view that doesn’t include the needs of others. It’s especially detrimental when managers have egos that stunt the growth of others. It’s toxic and hampers the capabilities of a team.

Without Empathy, You Can’t Have a Team

The basic principle of a team is a group of people working together to accomplish a goal or solve a problem. Empathy is a prerequisite for this. When it’s missing, you can’t have a team.

On the one hand, we all have some type of belief about our inabilities. You would think this would encourage us all to be more empathetic. The challenge for many technical people is that they want to cover up insecurities and reject empathy for themselves and others. As a result, the foundational trust of being teammates isn’t there.

Empathy Emptiness Is More Than an Internal Problem

A cyber team that doesn’t prioritize empathy also hurts the relationships it has with others, whether they are an internal or external client. Technical people are responsible for security, but not in a vacuum. They must work with others to understand the objectives and concerns of these parties. When they don’t, they create a greater divide and overcomplicate situations, which causes further ostracization.

The stakeholders want to be involved and understand threats and risks. Just because they aren’t technical people doesn’t mean they can’t understand these things. However, if cyber professionals keep them in the dark, it only helps cyber criminals.

The Real Empathy Struggle for Technical People Is a Human Connection Problem

In my career and experiences, I’ve learned that human connection is the root of the empathy struggle for technical folks. Obviously, connection is essential to empathy in any capacity. If we’re all lone wolves and only focus on ourselves, there’s no connection.

Striving to build a human connection is an asset anyone can appreciate. It improves communication, collaboration, and perspective. Those things make people better at their job and happier in life in general.

So, how do you break people out of their one-track minds and cultivate a cybersecurity culture built on empathy?

How to Develop Empathy in Your Cyber Staff

You may think that developing empathy in technical professionals is beyond impossible. You’re already ready to skip to the next step and leave this one out because empathy is too emotional. Fair enough, but I wouldn’t have included it in the Secure Methodology without a plan. It’s an entire chapter in my book, The Smartest Person in the Room, and these are some excerpts that can help you find success.

The Framework Starts With Cognitive Empathy

There is more than one kind of empathy, and the focus here is cognitive empathy, which is the ability to understand someone else’s feelings and perspective. It’s somewhat different from its emotional counterpart, affective empathy, but it still has the same roots.

Additionally, you must frame your approach to differentiate between empathy and sympathy. They are quite different. Empathy describes the choice to connect with someone and accept their perspective. Sympathy doesn’t require the perspective aspect. Rather, it’s merely the ability to feel sorrow for how someone else feels.

People can be sympathetic but not empathetic. It’s a good trait to have, but empathy is what can drive organizational change and success.

Understanding Motivation

Motivation is a recurring theme in the Secure Methodology and applies to empathy. Grasping what motivates an employee is a key to helping them become more empathetic. Their motivation ties to the role they play in cybersecurity and supports a perception of a team working together. If they get this, they’ll want to grow their empathy.

Acknowledging Accomplishments

When you recognize the hard work of your staff, you create positive connections with them. In turn, it becomes a way to foster empathy. In addition to acknowledging achievements, you should also highlight similarities, struggles, and perspectives. This can create further connections between teammates and enrich trust.

Adapting Communication

It starts with you and your communication if you want your people to exemplify cognitive empathy. You have to be an example through how you communicate, which means admitting uncertainty and not always having an answer. They may be more likely to do the same if you can do this. Adapting your communication is critical and includes:

  • Avoid the word “why” because it triggers defensive responses.
  • Try making statements to uncover information, such as “Tell me what your plan is for this.”
  • Include the perspectives of others in how you communicate to demonstrate that the topic impacts many people.
  • Encourage people to explain those impacts on others when working through a cybersecurity challenge.
  • Continue to impress upon your team that listening is just as vital in communication as speaking.

Putting the Target Back on the Actual Enemy

It may seem apparent, but the enemy in the cybersecurity ware is the hackers. Yet, the “otherism” I defined earlier pits cyber professionals against colleagues. For those people who are stuck in the mindset of us versus them, they forget who the actual bad guys are. In fact, they’re helping the bad guys by functioning without empathy.

Staff too busy trying to stay in control of every cyber discussion and decision refuse to let the needs and perspectives of others have a place. As a result, cybercriminals win because team cohesion is absent. This is the most dangerous environment to operate in and will likely end in a breach or incident.

In working toward greater empathy, you must be clear about who the adversary is and that it’s nobody in the room. Connection within your team and with clients is critical to being proactive and prepared for cyberattacks. You can outmaneuver the hackers if you consistently focus on this and encourage empathetic capabilities.

Trust in Empathy to Revolutionize Your Cyber Culture

All the work from the previous Secure Methodology steps will put you in a position to develop empathy with your technical people. Having this new approach should also help you make better hiring decisions in the future. The bottom line is that empathy isn’t an innate human quality. We have to learn it, and you’re in a position to help people do this. That’s good for them personally and professionally. Get more tips on empathy and exercises by reading The Smartest Person in the Room.