Takeaways From Five Books Executives Should Read Now

Business risk management challenges never disappear. Executives must make sure their organization’s information is as secure as possible. Nowadays, we resolve one threat only to face a more sophisticated attack.

This steady flow of danger requires a thoughtful approach to improve risk management. Instead of relying exclusively on instant analysis and the latest white papers, I prefer an eclectic approach to managing both business risk and cybersecurity challenges. At times, insights emerge from unlikely sources — like a good book that's hiding in plain sight.

Here are five books I've read that have given me surprisingly fresh awareness into better cybersecurity.

1. The Inevitable: Understanding The 12 Technological Forces That Will Shape Our Future

Written by Wired magazine co-founder/senior maverick Kevin Kelly, this book outlines a dozen accelerating forces that are already in motion and how each will inevitably dictate our lives.

While all 12 are fascinating (for instance, all surfaces will soon be touch screens), it's his vision of artificial intelligence (AI) that hits home for any leader grappling with security. Kelly points out that today's off-the-grid AI solutions will meld into a single resource, growing exponentially thanks to 7 billion humans and quintillions of transistors. It's our job to harness and apply AI to address the difference between perception and reality of cybersecurity risk.

2. Moneyball: The Art Of Winning An Unfair Game

Written by Michael Lewis (and made into a feature film), this book follows Billy Beane, the general manager of Major League Baseball's Oakland Athletics, and his drive to make the team successful on a shoestring budget. There are many layers to the book and several lessons yet to be learned.

Outspent by richer teams, Beane leveled the playing field by using statistics and analysis to better gauge a player's value. While other teams paid top dollar for stars who drove in runs and had high batting averages, Beane's research found that on base percentage and slugging percentage were better indicators of future success. Players with these stats were available for a fraction of the price. The Oakland A's succeeded while keeping their payroll down.

The parallels here are obvious. By more precisely using statistics and analysis, you can find a path to optimize protection. For example, a security alert is a common statistic. As the A's determined, not all statistics should be treated the same. The key is focusing on intelligence that delivers the best return.

3. Antifragile: Things That Gain From Disorder

Written by former hedge fund manager Nissim Nicholas Taleb, Antifragile addresses the surprising fact that rather than breaking under pressure, some things actually thrive on stress, disorder and chaos.

A real-world example is a bone in your leg, which grows stronger when exposed to heavier loads. The book discusses the many factors involved, including that an antifragile system must be made up of individual parts that are fragile themselves — thus allowing feedback so the overall system can learn and benefit from the volatility and shock.

This concept has many interesting ramifications in business, not the least of which is taking comfort in the fact that when your company survives a minor malware attack, this breach can help strengthen your overall security posture if managed correctly. Antifragility can also help you when creating your security strategy. Should you focus on ransomware or phishing? ISO framework or SOC2? How important is time to detection versus incident close?

4. Bear Snores On

Don't laugh. This classic children's book by Karma Wilson helps us see how the most insightful lessons can often be gleaned from anywhere — whether it's a bedtime story, a 1980s TV sitcom or graffiti on the side of a dumpster. Inspiration is where you find it, and this tale has some wonderful wisdom to impart. I love reading this book to my children, and I'm half tempted to read it to my colleagues as well.

While Bear hibernates, his friends gather in his cave and go on about their lives — popping popcorn, brewing tea and making stew. "But the bear snores on," as the book periodically mentions. When Bear wakes up (thanks to his big sneeze from the stew's pepper), he's cranky because his friends have had fun while he slumbered.

Therein lies the simple nugget of revelation: You can't expect good things to happen while you're not paying attention. As a CISO will tell you, it's critical to always be awake, alert, vigilant and aware of your surroundings. Don't snore on, comfortable in the existing security you've worked so hard to build. You may need a wake-up call now and again.

5. Never Split The Difference: Negotiating As If Your Life Depended On It

Written by Chris Voss, a former international hostage negotiator for the FBI, this book highlights his unique career and life experiences and offers insights on how to successfully negotiate anything.

Negotiating highlights run the gamut, from the importance of listening and using open-ended questions to creating an illusion in the mind of the person across the table from you that they're in control. However, perhaps the most important lesson is understanding how "no" is often a better alternative than "yes." "No" actually starts the negotiation, and it's where you go from there that makes all the difference.

For almost any businessperson, the applications of this book's lessons are numerous. Whether you're negotiating a ransomware payout with a cybercriminal or additional budget from the board, you'll be well prepared for the discussion.

Put these ideas to work for you.

I've only scratched the surface here. As a cybersecurity and innovation expert who aims to stay ahead of threats and keep teams happy and productive, I invite you to take the learnings in these books to heart while preparing the most effective risk solutions.

This article was originally published on Forbes.com.