Chapter 8: What Motivates Managers? – Selling Information Security to the Board


Officially, managers in the private sector are motivated by their obligation to maximise the return on capital invested in the organisation by shareholders; in the public sector, by a sense of public duty; and in the third or voluntary sector, by a commitment to the cause of their members.

In those (mostly) smaller organisations in which management still holds the largest percentage of the shares (i.e. well over 50%), what management wants is usually in line with what the shareholders want. This is not always the case in larger organisations, where management is, in effect, the agent of the shareholders. There is a body of research which argues that the ‘agency effect’ is, in fact, detrimental to shareholders.

In larger organisations, you might think that management is motivated by the pursuit of the organisation’s vision and mission and will behave in accordance with its values.

Google’s published vision, for example, is: ‘Organise the world’s information and make it universally accessible and useful’. Its mission is a much longer statement, called ‘Ten things that we know to be true’.2 Google’s values are summed up in this easily remembered statement: ‘Do No Evil’.

The reality is that corporate executives tend to be only indirectly interested in their vision and mission and, while they expect staff to align themselves with the corporate values, they don’t always expect the same of themselves.

Experience suggests that corporate executives are driven by much more personal objectives.

In 1943, an American psychologist, Abraham Maslow, originated the idea that people had a hierarchy of needs, the lowest of which were the physiological needs – to breathe, eat, sleep, excrete, and so on – and that, once (and only then) a particular level of need was satisfied, they would move up the hierarchy to the next level of need. The pinnacle of the hierarchy was something that he called ‘self-actualisation’.

Maslow’s Hierarchy of Needs3 is usually expressed in the form of a pyramid:

Figure 1: Maslow’s Hierarchy of Needs

Maslow’s Hierarchy is useful because it tells you that, at a personal level, corporate executives are likely to be motivated by their need to belong (this is usually more true of junior executives than senior ones), or by their need for esteem. More senior executives are often motivated by what we think of as ‘ego’, or what Maslow would describe as ‘esteem needs’: the need for the respect of others, the need for status, recognition, fame, prestige, and attention.

In larger organisations, you can use the vision, mission and values as leverage in your presentation of an investment proposal but, fundamentally, you need to appeal to the corporate executive’s need for esteem; you certainly need to avoid getting on the wrong side of management’s collective ego.

You achieve this in two ways. The first is to avoid demonstrating how much cleverer, and better informed you are than the management: senior managers have power and authority and they expect subordinates, however technically brilliant, to remember that they have less power, authority and, therefore, lower status.

The second is to present proposals and solutions to information security challenges in ways that enable senior managers (usually, in this circumstance, your boss or your boss’s boss) to claim the credit for them; unless the rest of the management team is half-witted, they will easily work out that the original thinking on your specific information security issue won’t have been your boss’s. Your competence will, in other words, become known and recognised – and the other senior managers will feel good about themselves for having identified the real talent.

In this way, you can get an information security investment proposal taken forward by a senior manager who hopes to achieve praise/reward from having solved a problem that his or her colleagues hadn’t even realised existed, be discovered by the rest of the management team, and get your proposal approved.

Two classic texts worth reading, even though neither was written specifically as guidance for information technology executives, are:

  • The Prince, Niccolò Machiavelli.
  • The Art of War, Sun Tzu.

Both texts offer many valuable lessons on how to get things done inside larger organisations.

2 See:

3 There is a straightforward description of the Hierarchy on Wikipedia: