How do you communicate security risks to your stakeholders without coming across like a scare tactic?


Director Of Technology in Education, 51 - 200 employees
I clearly state to “Respect the mountain”.

We can do everything right and still be unable to fully ascend. How do we communicate COVID-19 risks without coming across like a scare tactic? Same idea. Threats can be mitigated, not necessarily neutralized.
Deputy Chief Engineer (Information Technology) in Energy and Utilities, 5,001 - 10,000 employees
One approach can be by highlighting real world incidents resembling the security risks faced by the organization.
To be frank, security risks are best understood when things happen to us and not before. So, it is important to make them visualize in that position (which again will appear as a scare tactic of sorts).
Chief Information Officer in Manufacturing, 10,001+ employees
I typically break it down to a conversational level that they can easily understand, like using their household as an example of a potential breach, or a vehicle locking mechanism, etc. You have to be able to connect with the audience or you lose them. Hopefully, when you have to relay risk, you have already built a relationship with them to have those conversations.
Senior Information Security Manager in Software, 501 - 1,000 employees
Use FAIR. It is a powerful methodology and helps the CSO/CIO/CTO speak and communicate to the board and senior management in a language they understand.
CTO in Software, 11 - 50 employees
By first communicating in a common, business-oriented language that all stakeholders can understand. Then it's about proper context: that security risks are not static, but elastic, and it's not a binary situation of either being 'secure' or 'not secure', but rather how resilient your systems, networks, and employees are, and having crisp plans of communication and remediation.
