EXECUTIVE SUMMARY:
The CISO’s role is evolving. The modern CISO’s role demands a certain degree of business acumen and the ability to speak the same language as other C-levels. This is especially true when it comes to establishing relationships with, and making presentations to the board.
Experts indicate that CISOs habitually present board members with narratives that do not resonate. To the board, discussions pertaining to advances in malware and phishing threats lack a linear connection to business growth.
As CISOs begin to present concepts in ways that the board can easily grasp, trust is built.
Moving forward with cybersecurity initiatives depends on that trust. “When the board trusts the CISO, the CISO can do better, move quicker, act in the way they need to and get the funds they need. That’s critical…,” says cybersecurity professional Kris Lovejoy.
Lack of trust and inadequate communication can cost a CISO the job. Standard signs of trouble ahead include not presenting to the board, lack of dialogue after presentations, and being excluded from early conversations.
“If you’re not presenting to the board, when someone is doing it for you as a proxy, that’s a simple tipoff,” says Lovejoy.
When CISOs do have the opportunity to present to executives and the board, crickets post-presentation indicate that the presentation may not have included information that forwards higher-level objectives. This disconnect tears at trust.
Another indicator of a rocky relationship includes being left out of the early swirl of chatter concerning major corporate decisions. This slight emphasizes the fact that the CISO’s C-suite colleagues do not ascribe the highest level of value to what the CISO can bring to the table.
Steadying a teetering CISO/C-suite relationship is possible. These tried and true techniques could set you, as a CISO, back on the right track.
- Proactively communicate with board members. Inform them of the company’s cyber risks in easily understood terms, while offering the 360 degree, 30,000 foot view. Insure that your story is well-rounded, brief, and touches on all of the key points.
- When it comes to organizational risk tolerance, insure that everyone is on the same page. CISOs should ask for clarity on the board’s goals for the CISO’s role, thereby enabling the CISO to work towards success.
- Continually scale your relationships. Extend yourself socially to find a true sponsor on the board who you can rely on to back your initiatives, and to help push them forward on the agenda. Make your relationships count.
For more on the evolution of the CISO role, check out CyberTalk’s Where should a CISO Live?
For more on this story, please visit Business Insider.