What Cybersecurity Leaders Can Learn From the Game of Golf

Source: SunFlowerStudio via Alamy Stock Photo

COMMENTARY

I was talking with some friends about the recent 2024 Presidents Cup matchups, and how Mackenzie Hughes — a fellow Canadian — was going to play a pivotal role on the International Team. As we dug into game strategy, I had one of those lightbulb moments: There is a lot in common between golf and cybersecurity.

Now, comparing a quiet game on a manicured golf course with a high-intensity, never-ending battle to secure critical data and digital assets might seem like a stretch. But stay with me — there is a real overlap between the challenges security leaders face and the sport that’s been surging in popularity.

Here are five takeaways that stand out to me.

**Teamwork Is Critical **

Golf is often seen as an individual sport, but tournaments like the Presidents Cup remind us of the importance of teamwork. For those unfamiliar: At the Presidents Cup, 12 US golfers compete against a team of golfers from the rest of the world. Even as traditionally played, golf requires close collaboration. Golf Digest magazine recently declared that “professional golf is no longer an individual sport,” as players now rely not only on their trusted caddies but also on statisticians, short game coaches, trainers, sports psychologists — you name it.

It’s the same with cybersecurity. There’s a common misperception that it’s IT’s problem, but it’s everyone’s job to protect the company. In fact, recent research shows that nearly one in three employees think security isn’t their problem — which likely explains why 54% of employees admit they don’t always follow their company’s security policies.

Just like golf, security requires collaboration across the entire organization, from individual contributors in each department to the executive level and the board. Without a team effort, you’re not going to get far.

**Fundamentals Matter **

In golf, it’s tempting to think the latest gear will magically fix your game, but even with the most advanced clubs, you won’t perform well if your grip, swing, and stance are off. In cybersecurity, it’s the same. It’s easy to get caught up in the buzz around new AI tools or fancy software, but if your fundamentals are weak, no shiny new tech is going to save you.

At its core, security is about getting the basics right: things like multifactor authentication (MFA), keeping software updated, and maintaining strong password practices. Once those fundamentals are locked in, you can build from there. But skipping them? That’s like trying to tee off without knowing how to hold the club properly.

You Need a Full Bag of Clubs

Every golfer knows that one club won’t get you through a full round. You need a driver, irons, wedges, and a putter to handle different situations. The same goes for cybersecurity. There is no “silver bullet” solution that can handle all your security needs.

A hybrid workforce, with employees using their personal devices across different locations, adds layers of complexity. You need a suite of tools that complement each other, working in harmony with human behavior. The best security tools don’t focus only on protection — they also prioritize ease of use and help employees be productive while staying safe.

Shooting Par Is Hard

To a non-golfer, shooting par might sound like an average accomplishment. But anyone who’s tried it knows it’s really hard, and keeping your organization safe is no different. Achieving a solid baseline of security is tough, especially when cybercriminals are constantly upping their game.

More than one in three businesses (36%) have suffered cyberattacks costing more than $1 million in the past year, up from 27% the previous yearup from 27% the previous year. With generative AI (GenAI), attackers are creating more sophisticated, hard-to-detect threats, with deepfakes alone projected to cost $40 billion in 2027.

As long as there’s money to be made, criminals will continue to innovate fast. Staying the course and ahead of the competition will require security professionals and golfers alike to seize every edge, from technology to training.

The Best Make It Look Easy

Watching a pro golfer hit a perfect shot can make the game look simple, but anyone who’s tried knows better. In cybersecurity, the best solutions are often the easiest, most seamless, and least disruptive for employees to use. The easier it is for employees to follow security protocols without interrupting their flow, the more secure your organization will be.

About the Author

CEO, 1Password

Jeff Shiner is the CEO of 1Password, a leading identity security company. Since joining in 2012, Jeff has grown the company from 20 people to a more than 1,000-employee global organization with a $6.8 billion valuation. Trusted by more than 150,000 businesses and millions of individuals, 1Password has expanded into a multiproduct identity security company that can secure every sign-in to every app from every device — even the unmanaged apps and devices that can’t easily be secured today in hybrid work environments. The company has been recognized on the Forbes Cloud 100 list, Fortune’s Cyber 60, Redpoint’s Infrared 100, and Quartz’s Best Companies for Remote Workers.