Interim Management of Information Security: What Are The Benefits and Disadvantages?

By | October 31, 2017

Interim management is a growth area, especially in the field of information security. An interim manager works for a company on a temporary basis, either implementing a special project or bridging a gap caused by the departure of a permanent manager. Interim management can often be the ideal solution when a new project requires specialist skills and experience not currently available in the company.


Compared to the traditional management consultant, an interim manager brings a lot of added value to the table. Whereas a consultant will make recommendations for the business to carry out, an interim manager will in addition implement these measures and take full responsibility for them. Unlike a consultant or a low-level “temp”, an interim manager is judged on the effective delivery of a specific project, rather than being assessed merely on production of a voluminous report, or simply turning up for work. Not the least of the advantages of interim management is the fact that this solution can be a lot cheaper than using management consultants!


In the field of information security, hiring an interim manager can make even more sense. Relatively few professionals have the skills needed, since information security is a fairly new field, and so there can be difficulties in filling a position that suddenly falls vacant. In addition, a temporary information security manager can be of immense value in setting up the organisation’s Information Security Management System (ISMS), but thereafter there may not be a need for a full-time position with those specialist skills. In this situation, a temporary manager could be the most cost-effective solution by far.


Naturally, there are a few disadvantages to this solution. The chief one is the loss of continuity: once the interim management arrangement is over, that skill-set is no longer available to the organisation. This means there may difficulty in finding appropriate expertise at short notice if an information security related problem should occur. This is a risk that directors should consider carefully before opting for a temporary management solution.


In addition, there is a limit to the degree in which an interim manager will be able to effect a change in company culture towards a greater awareness of information security as the responsibility of all employees. Cultural change takes time, and time is one element necessarily unavailable to a temporary manager. If there is no-one to pick up this requirement after the completion of the project, then (although the short-term project may be delivered on time and within budget), the longer-term requirement for change may “fall between the cracks”. Again, this is a matter for careful consideration at Board level. However, both this and the first disadvantage will also be seen in situations where management consultants are hired, and so cannot be considered unique to the use of interim managers.


Interim security management, in short, has the potential to provide an excellent solution to situations that can occur fairly frequently in businesses. Although not without its disadvantages, which must be assessed and addressed by the organisation, temporary management can offer added value compared to hiring management consultants, and will often be considerably cheaper. These factors no doubt lie behind the current significant growth in the use of interim managers.

Harvey is passionate about getting you the best insurance deals possible.

[wpr5-amazon asin=”B074ZX7GJG” region=”com”]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.