Gartner Research

How to Build an Effective Cybersecurity and Technology Risk Presentation for Your Board of Directors

Published: 03 March 2016

ID: G00297468

Analyst(s): Paul Proctor , Rob McMillan, Jeffrey Wheatman

Summary

Risk and security leaders should provide board-relevant, business-aligned content, and abstract out the direct technology references. Minimize fear, uncertainty and doubt, while focusing on the readiness of the cybersecurity and technology risk program, and placing it in a relevant business context.

Table Of Contents
  • Key Challenges

Introduction

Analysis

  • Communicate With Your Audience on Their Own Terms
    • Understand the Board's Role and Responsibilities
    • Socialize the Key Messages Before the Presentation
    • Road-Test Your Presentation
    • Use Fear, Uncertainty and Doubt Sparingly
    • Focus on Readiness
    • Use Process Maturity as a Proxy for Risk Posture
    • Abstract Out the Technology
    • Stress Risk Management and Balancing Protection With Business Outcomes
    • Highlight the Business Value of Security and Risk Investments
    • Educate the Board on How to Influence Effective Security
    • Always End With an "Ask"
  • Avoid the Seven Deadly Presentation Sins
    • Too Much Technology
    • Overly Complex Slides
    • Too Much FUD
    • Lack of Business Alignment
    • Misleading Data
    • Too Many People in the Process
    • Failure to Connect With Board-Relevant Decision Making
  • Be Prepared to Address Objections and Personalities
    • Consider the Perspective You Want to Give the Board
    • Gather Intelligence
    • Be Deliberate With Your Terminology
    • Be Ready to Address Objections
    • Overcome Apathy
  • Ask for an Outcome and Request the Next Date

Further Reading

Appendix 1: Gartner Global Security and Risk Management Survey

Gartner Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Purchase this Document

To purchase this document, you will need to register or sign in above

Become a client

Learn how to access this content as a Gartner client.