The University of Rochester Medical Center hired its first chief information security officer, Michael Pinch, to lead a new dedicated cybersecurity department. Previously, cybersecurity responsibilities were dispersed among various IT departments. Medical Center executives recognized the need for stronger cyber defenses given numerous high-profile hacking incidents. Pinch was given a budget to build the department from the ground up by immediately hiring six to eight staff. This focus on cybersecurity is reflective of a worldwide trend as organizations increase protections for their computer networks and data.
University of Rochester Medical Center's new chief information security officer
1. Until Michael Pinch
became the first chief in-
formation security offi-
cer at the University of
Rochester Medical
Center eight months ago,
protecting the institu-
tion’s computer networks
and all the data they con-
tain was left to informa-
tion technology workers
in various departments.
But Medical Center executives,
aware of numerous high-profile com-
puter hacking incidents and growing
concernsaboutthestrengthoftheirde-
fenses, recognized a need for a more
robust computer security effort.
“Icameinwithabudgettohiresixto
eight staff immediately and really
build the department from the ground
up. We’ve had excellent security here
inthepast,butneverthroughadedicat-
ed department. It was kind of dissemi-
nated throughout operations,” said
Pinch.
The commitment to computer secu-
rity at URMC is just one example of a
worldwide trend as businesses, public
Democrat and Chronicle Sunday, February 17, 2013
Len LaCara Business Editor (585) 258-2416
llacara@democratandchronicle.com
Len LaCara
Last week Pope Benedict XVI an-
nounced he would resign his position at
the end of February. This form of pontif-
ical succession has not happened in near-
ly 600 years; typically popes die on the
job. For the next month and a half we will
observe how the world’s oldest existing
bureaucratic organization selects a new
leader and transfers power.
These events led me to ruminate on
the importance of succession planning in
organizations, and the critical fiduciary
role the board must play in insuring the
institution and its stakeholders suffer a
minimum amount of disruption and fi-
nancial risk. Rochester has seen its share
of successful leadership succession plan-
ning, most recently the Xerox CEO tran-
sition from Anne Mulcahy to Ursula
Burns. A more difficult succession proc-
ess is when there is a sudden loss of lead-
ership resulting from the death or perma-
nent incapacitation of an organization’s
leader, and in many circumstances its
founder.
So, how should board members go
about carrying out this responsibility? A
first good step is full recognition that the
board works for the stakeholders and
with the CEO and senior management
team. This fundamental principle of a
board member’s responsibility can be-
come blurred as personal relationships
develop and financial benefits and posi-
tional veneration dull the inherent tension
accompanying this fiduciary obligation.
Successful boards focus a significant
amount of time and energy analyzing the
current conditions of the business, in-
cluding its strengths and needs for fur-
ther development. They dispassionately
separate personality from competency
and inventory what additional compe-
tencies would further strengthen the
management team and embed a perfor-
mance-driven culture. They establish
development plans with timelines for
their high-performing executives and
create a continuous flow of organizational
development, with a productive feedback
and evaluation loop. In addition, they
maintain robust scenario planning that
responds to a sudden loss of leadership.
The result is a dynamic team environ-
ment united around the mission of the
organization, not steering the board for
personal gain.
I have seen where this can be over-
whelming for boards and they become a
bit too complacent and “hopeful” that
things will be OK. This approach intro-
duces many risks that are not good for
the stakeholders. Some of the early warn-
ing signals are dominant executives who,
based on their business success to date,
adopt a “master of the universe” persona
the board refuses to confront. One thing I
have observed over the years is that
“what got you here won’t get you there.”
The more senior the position in the or-
ganization, the greater need for skills of
influence, persuasion and collaboration,
not the misguided view that positional
power can compel cooperation.
Another trouble sign is when a board
adopts what is referred to as the “Messi-
ah Complex,” as in, “We are only one
great hire away from everything being
perfect.” Hope-filled wishful thinking is
not a strategy, no matter the disguise.
Boards suffering from the Messiah Com-
plex trap are usually at the beginning of a
period of prolonged difficulty.
In the end, a board of directors that
approaches succession planning with
vigilance and vigor will continually prime
the well of success.
So let’s get to work.
Succession planning critical to business success
GO DEEPER
ON DIGITAL
Click on this story at
RochesterNext.com to
view a video about
cybersecurity.
Local firms,
RIT
respond to
growing
need to
protect
critical data
Bennett J. Loudon
Staff writer
The key to
c y b e r s e c u r i t y
See CYBERSECURITY, Page 5E
Michael
Pinch
PHOTO ILLUSTRATION :: DANI CHERCHIO