How can security leaders more effectively communicate risks to the business and board?

1.9k views1 Upvote5 Comments

CEO in Services (non-Government), 2 - 10 employees
It’s an exercise in influence. First, identify the top priorities set by the business and specific points where better security enables or poor security blocks meeting these goals. Security is only 1 of many types of risks that businesses and boards face, and they must all be considered in the context of reaching critical company goals. You may never be able to convince them to care about security risks for the same reasons you do, instead align security with their existing motivations. They don’t need to join the band in order to play your song.
Director of Engineering in Energy and Utilities, 10,001+ employees
Finance is probably the best way to communicate risks to business and board. Real-life examples will go along a long way in communicating these risks.
CIO / Managing Partner in Manufacturing, 2 - 10 employees
Should make sure that cybersecurity is a standing board agenda item.
CIO in Software, 51 - 200 employees
Security must be on every team's agenda of the organization, either it is building security, data security, infrastructure security, people security. How to influence it? CISOs should bring awareness to their peers, people up and down the hierarchy, knowledge center, policy enablement and separation of duties between teams and within teams. A continuous periodic exercise of security reevaluation is a must in the organization.
Assistant Director IT Auditor in Education, 10,001+ employees
Tell them in simple terms what can happen to the business if risks exposure is realized and the organization's ability to meet its financial and strategic goals.  Sometimes the worst case scenario, like ransomware infection on the organization's computer systems and data.  Risk is a very tricky thing to address because it is so many that can affect an organization. Depending on your business, you may need a separate group/department to manage and address it.  A key partner should be the internal audit department.

Content you might like

Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
Read More Comments
70.4k views71 Upvotes41 Comments

Exclusively via organization-managed desktops, laptops, and mobile devices (phones and tablets)40%

Via a hybrid of organization-managed AND employee owned desktops, laptops, and mobile devices (phones and tablets)50%

Exclusively via employee owned desktops, laptops, and mobile devices (phones and tablets)6%



1.6k views2 Upvotes








Community User in Software, 11 - 50 employees

organized a virtual escape room via - even though his team lost it was a fun subtitue for just a "virtual happy hour"
Read More Comments
8k views26 Upvotes58 Comments