CHAPTER 4 Management, Governance, and Alignment

If you have ever driven a car with wheels that are out of alignment, you probably experienced the joy of fighting the steering wheel to keep the car straight and on the road. If you're driving a company whose business goals, information technology, and cybersecurity are out of alignment, you'll experience the same issues: Depending on where the misalignment is, company goals may become increasingly difficult to achieve, technology may be out of sync with your needs, and cybersecurity may be protecting all the wrong assets. In short, your company is misaligned.

In our specific context, misalignment means that your technology and your cybersecurity are not working together in support of your business goals. The operative word here is together. They are pulling you in other directions as opposed to helping you achieve what you set out to do. Unfortunately, this is far more common than you'd think, and it plagues everyone from the lone wolf professional to vast multinationals. The reasons are surprisingly complex and often hidden under layers of confusion, indifference, and office politics. But misalignment ultimately boils down to two key problems: poor governance and poor management.

Why Governance Matters

First, what is governance?

My definition is: Governance is the collective set of principle‐guided actions that when applied guide a company to the fulfillment of its goals. I use principle‐guided actions to distinguish governance ...
