Cyber Insiders - Magazine - Page 5
WRITTEN BY JOHN MAYNARD, CHIEF EXECUTIVE OFFICER AT ADARMA
FIVE BEST PRACTICES FOR CISOS WHEN SPEAKING TO THE BOARD
Where do CISOs go wrong? How do you communicate effectively to the board? Here are my five best practices for speaking to the board about cybersecurity issues.
Over the past decade, the topic of cybersecurity has propelled its way up the board’s agenda to claim a top spot of concern and focus.
Catalysed by an exponential growth in cybercrime and rapid digital transformation, cybersecurity is no longer viewed as an “IT problem” but as a business-critical issue.
A slew of high-profile cyberattacks, more stringent regulations and the potentially massive financial and reputational damage of a breach are driving this urgency to strengthen cyber resilience. Organizations are expected and obligated to take reasonable action to secure their digital ecosystem.
This growing awareness means the board wants to talk about security, risk and risk reduction, resilience, bottom-line savings and top-line growth in relation to security.
This willingness gives CISOs the opportunity to help senior business leaders better understand the value of cybersecurity from numerous angles to encourage buy-in.
However, communicating this value in the right way can often be challenging, and getting it wrong can lead to confusion, disillusionment, inconsistency in policy and a lack of cohesion, which will ultimately undermine the organization’s cyber posture.
So, where do CISOs go wrong? How do you communicate effectively to the board? Here are my five best practices for speaking to the board about cybersecurity issues.
1. Avoid using overly technical jargon.
When talking to the board, CISOs should carefully consider who their audience is and the language they use. CISOs will quickly lose their audience if they overuse technical jargon or obscure acronyms that few outside of the cybersecurity industry would understand.
The board is rarely composed of cyber experts, so it’s more productive if CISOs take time to translate the more technical aspects of their presentation into business language to make it more relevant and engaging.
To cut down on verbose language, CISOs should also leverage visualization as a tool to convey complex messages or to help elucidate a point using fewer words. CISOs need to be succinct, use a sensible pace and continuously read the room to see if their audience is engaged.