Boardroom Strategies: CISOs Recommend Presenting Cybersecurity Matters with Clarity and Simplicity
In today's digital age, the importance of cybersecurity has never been more evident. Once relegated to the periphery, Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) are finally finding their voices at the C-suite table.
This evolution has been a long time coming. For years, CIOs struggled to gain a seat at the executive decision-making table, while CISOs are only now becoming more understood. As cybersecurity becomes a natural part of overall business goals, it changes how incidents are handled in the future.
So, what does this mean for CISOs? They should ask themselves what they are asking for and what they need from the board. David Baumgartner, EVP, CIO, and managed solutions leader at Mandiant, recommends providing context and a clear intention when presenting to the board.
PepsiCo is a shining example of this integration. The company has cybersecurity built into its crisis management, setting a tone for the company that integrates cybersecurity into overall discussions about customer impact, revenue, and availability.
However, effective communication remains a challenge. The last year has brought CISOs to a more prominent position, but executives still struggle with communicating cybersecurity risks in a language the board can understand. Baumgartner suggests using simple explanations, business terms, benchmarks, and comparative analysis to present information to the board.
Boards, for their part, have a critical control and monitoring function during an incident. Their effectiveness is reduced if they do not understand cybersecurity. They are responsible for asking questions, not for directly telling CISOs what to do.
There are ongoing concerns about unknown identity-security weaknesses among executives. Teresa Tonthat, VP of IT and CISO of Texas Children's Hospital, emphasizes the importance of transparency when dealing with the board. She uses the news cycle to educate her board about cybersecurity risks in the media.
Companies should also consider whether they are putting enough protection around the product or solution that most represents their business. This is a crucial step in integrating cybersecurity into the overall business strategy.
SolarWinds, following a breach, overhauled its committee structure to include a committee with additional board members to oversee IT and cybersecurity.
As boards recognise that their entire business is dependent on technology, they are becoming more proactive in their approach to cybersecurity. They are now actively asking CISOs if they need anything, a significant shift from the past.
In conclusion, as cyber risk is increasingly being meshed with systemic risk, it is essential for CISOs to effectively communicate the importance of cybersecurity to the board. By providing clear, concise, and business-oriented information, CISOs can help ensure that their companies are better protected against cyber threats. And in the event of an incident, boards can play a more effective role in controlling and monitoring the situation.