From our sponsor

A CISO needs to be many things. One of the most important, and possibly underestimated, is the need to be a good storyteller.

It can be hard for non-technical senior managers to understand the cyber risks facing their organization. Just over a third (35%) of the smaller businesses surveyed for a recent international study said that senior managers don’t see cyberattacks as a significant risk — although a quarter admit that leaders aren’t kept up to date about threats facing the organization.

This is not a question of management failure; it is difficult to be interested in or care about something you don’t fully understand. CISOs need to be able to influence people at all levels in the organization and help them to understand and engage with security policies, incident response, and more. The time spent listening to and learning about your key stakeholders is one of the best investments you can make.

As part of our CIO/CISO cyber resilience series, I’ve written a short guide on what works for me. “The CISO script: How to talk to business leaders about security risk” is published together with a template PPT deck that security leaders can download and adapt when presenting cyber-risk and cybersecurity issues to the Board.

The guide outlines in more detail the three key conversations every CISO needs to have:

  • With technical colleagues, such as engineers, developers, and security researchers: These are the people you might one day be calling at 2:00 a.m. with an urgent request, so it helps to build strong relationships and understand how security looks from their perspective.
  • With senior managers: Regular, scheduled meetings with the most senior stakeholders in critical risk areas such as engineering, finance, and legal, looking at how things are evolving in the threat and security landscape and what this means for the business roadmap, risk, compliance, and more.
  • With the board: Every board is different. Learn what you can about the people around the table and make sure your slides speak to them in language and concepts they will understand. What is the key to capturing their interest and attention?

In short, CISOs need to show senior managers and the board where the risks lie, how their team is addressing them, and how they will keep the company resilient in a world where cyber incidents are common, unpredictable, and potentially destructive.

To learn more about the key security conversations and how to present cybersecurity to the board, get your copy of the script and presentation template now.

This article was originally published at Barracuda Blog.

Photo: Oasishifi / Shutterstock


Posted by Riaz Lakhani
