
How To Communicate Cybersecurity To The Board

CISOs must be able to clearly communicate cybersecurity to the board in today's evolving business and tech landscape.

September 1, 2021 Alyssa Borelli


Today’s business and technology landscape is constantly evolving, and with that come threats, particularly cybersecurity threats. Some cybersecurity chiefs (CISOs) may feel a sense of disconnect with their board of directors and must learn to communicate cybersecurity to them effectively, in a way that is not overly technical.

CISOs should have a regular dialogue with the board and be prepared to have a part in almost every board meeting. However, “communicating to the board is more of an art than it is science,” says Myrna Soto, Apogee Executive Advisors CEO, at a WSJ Pro Cybersecurity webinar.

Threats, especially cyber threats, are a forever process, so this is not a one-and-done conversation with the board. CISOs should let the board know how the business can react and respond to a totally changing market condition or a changing cyber threat while keeping the business going.

“Ten years ago we were talking about bird flu, it never really materialized, but suddenly here’s COVID,” says Scott Howitt, McAfee CIO, at a WSJ Pro Cybersecurity webinar. “The threat isn’t necessarily imminent, but we should talk about it in case it happens,” he says.

With cyber incidents like SolarWinds and the Colonial Gas Pipeline, the Biden administration set out an aggressive response and new frameworks. However, “we have to be very careful that board members do not believe that regulation, and/or any type of oversight from the government, will be the silver bullet,” says Soto. “Very often many of the regulations, or many of the standards that are drafted, are very good; the only problem is that they’re static in nature, and obviously, we know that our environment is everything but static.”


“What I always recommend CISOs to do is, whenever there’s an incident at another organization that is headline worthy, that you immediately start to prepare to explain to your board; while you may be different, what you may be doing that may be different, or how you may also be at risk, and that’s the opportunity to request support,” says Soto.

For smaller organizations that don’t have a board of directors, there should be at least a committee or council, made up of the people who manage the different functions of the organization, that the CISO can approach. A CISO must go into the board with a business head: it’s about 70% listening and 30% suggesting a solution, says Howitt.

Soto recommends three key things to convey in the meeting: the ability to protect company data, third-party risk exposure, and the ability to manage privileged access.

One thing CISOs must do is communicate how valuable data is, because technology is everywhere. Howitt recalls working at a casino where the temperature of the chickens in the refrigerators was closely monitored to ensure it stayed at the proper level. For human health and safety, it was important that the company protected that data system.

CISOs, or any business leader, should ask what they are doing to ensure the least impact if something goes wrong with those technologies.

Tips for Communicating Cybersecurity to the Board

Chris Labash, Carnegie Mellon University associate teaching professor, said at a WSJ Pro Cybersecurity webinar that the most valuable things you can give board members are honesty, expertise, respect for their time, and clarity about what you want.

Most board members will be prepared as soon as you enter the room and will have read the read-ahead (up to three times) before the meeting. Board members are time constrained, and the CISO is just one item on the agenda.

Labash recommends beginning with the BLUF (Bottom Line Up Front). Don’t just tell a story or walk board members through PowerPoint slides; give context and demonstrate how it relates to what’s happening in the industry.

CISOs must be engaged and be engaging. “Board members will never care about your presentation more than you do,” says Labash.

The basics of presentation delivery, such as making good eye contact and being articulate about the business, are important. Don’t use jargon, and don’t read your slides or a script off of an iPhone.

When speaking with the board, have energy, slow down, and don’t present. The meeting should be a conversation, not a presentation.

If you’re bored by your own presentation, the audience will be too. “You can’t bore anyone into buying your product,” said advertising tycoon David Ogilvy.

Labash recommends monitoring your cadence and slowing down if you are talking fast. If you must use PowerPoint, use visuals that add to understanding and impose the least amount of cognitive load.

A CISO must look at the data and see what the data says. “That method is a much more honest way of going about it than cherry-picking data that supports some narrative,” said Labash.

“If you are presenting, you are losing,” says Labash. CISOs need to focus on what it is they need up front.

Anticipate questions the board is going to ask and incorporate them into the presentation. If addressing the board in a group, know who will answer what.

The more relaxed you are, the more you can convey how to help them solve a business problem.
