Why invest in a culture of security: Adaptability
Adaptability in an organization is about the organization's willingness and ability to quickly respond to external and internal changes. Whether the result of changing market conditions (e.g., rising interest rates or increasing competitive pressure), the introduction of new regulation (e.g., GDPR or COVID-19) or internal factors, such as a change in leadership or a merger, all organizations undergo change. The difference between those organizations that struggle with change, and those who thrive, is their ability to adapt to the new requirements that change is forcing upon them. Those that have inbuilt adaptability, tend to be better at handling change .
Change can be triggered by a cyber security incident too, resulting in data loss, operational disruption, significant downtime and financial loss. The better prepared you are, the faster you will be able to shake off the trouble. The more capable your organization is to adapt to changes caused by the incident, the more likely you are to reduce the losses, and return to normal operations as quickly as possible.
Features of Adaptability
By being adaptable and flexible in its approach, an organization can adjust its strategies and tactics to overcome challenges and achieve success, even in the face of unexpected changes or disruptions. Research shows that there are some key points that make an organization better able to adapt to changes. Organizations that have built adaptability into their business are likely to be:
- More responsive to, and better able to capitalize on, external events that will impact the business
- Faster and better at implementing policy revisions, new technology or adopting other required changes
- Better able to handle [cybersecurity] incidents.
Adapting to change successfully requires a clear goal and a readiness for change. For an organization, this involves three elements:
- being able to notice change;
- being able to find new approaches and alternatives to respond to this change;
- having the required knowledge and skills, resources and commitment to be able to enable and manage the change.
This last element should not be understated. During the pandemic, the fittest and most prepared to adapt organizations were the ones that thrived . Not every organization was able to adapt and evolve quickly enough. Organizations that were able to rise to the challenge, to quickly and efficiently mobilize themselves to meet that demand, were the ones that thrived financially.
“Organizations must be able to sense and assess new opportunities, to seize value from these opportunities, and ultimately reconfigure organizational structures in order to enable organizational change and maintain a competitive edge.” (Schulze & Pinkow, 2020) 
Organizations that are resistant or slow to change, may find their business suffer as a consequence. Many cybersecurity threats leverage this resistance to change. Business email compromise is a great example of how the criminals gain access to a victim's systems, and then start to exploit it by sending and approving fake invoices. Many times we see that these kinds of scams can be mitigated by implementing simple controls. Yet our experience is that organizations struggle to implement the relevant changes until they have experienced the threat themselves.
Praxis Security Labs recommends engaging with experts in organizational psychology and culture, and implementing a good, iterative process such as the Praxis Process, described below.
The Praxis Process
The Praxis Process is a seven-step model ideal for reforming and managing organizational culture and building dynamic capabilities across the organization's employees, technology and processes to improve adaptability and resilience, reduce employee friction, manage risk, and increase profitability and security. It is based on extensive research and experience of the Praxis team.
By following the seven iterative steps of the Praxis Process, our experts can gain a deeper understanding of what your organization and its employees need (possible adjustments, interventions or support, as examples) in order to be more adaptable. To learn more about how the Praxis Process works, download our free whitepaper outlining how to create relevant interventions.
This is the second in a series of blog posts that share some of the outcomes of forming and managing a culture of security within an organization. This series discusses topics like resilience, adaptability, human detectors, efficiency, shadow IT, psychology, profitability and risk management. Last time, we explored the topic of resilience, and in this post we discuss adaptability.