EXECUTIVE SUMMARY:

The cyber security landscape is fast-evolving and security represents a critical concern for companies in every industry. The threats are increasing. Businesses are facing more pressure than ever before to get data management right. But CISOs and executive teams are prone to stumbling in this one area…Here’s what every business leader needs to know in order to achieve security success.

What we’ve seen

In the last decade or so, data management needs in the digital space have shifted in profound ways. Initially, organizations simply hired someone technical to take care of all technical aspects of data storage and maintenance. However, over time, organizations began to recognize that data not only requires technical management, but also involves a complex web of people and processes.

By necessity, the role of the cyber security leader has transformed from a quiet, technical, process manager job to that of an active business advisor, business influencer, security spokesperson and, ultimately, C-level position. But this transformation of the role has led to hidden points of friction that continue to affect organizations today…

Maturity of the CISO

In this new C-level set-up, CISOs have had to build new skills to help their organization fend off cyber adversaries, become more risk averse, and increase risk resilience. But the majority of CISOs weren’t and aren’t equipped with the business skills demanded in C-level positions. Most CISOs do not have MBAs. And only about a third of CISOs say that they have the communication skills required to succeed.

For CISOs who lack a permanent ‘seat at the table,’ communication with executives can prove particularly challenging. However, just because a CISO lacks a standing invite to executive-level meetings doesn’t mean that it’s not possible to have a strong impact.

The following communication tips can assist CISOs in meeting executive-level expectations, and in reconfiguring fraught and uncertain business relationships.

     Easy-win communication tips for CISOs

  • When communicating with executives, ensure that communication is clear, concise, non-technical and engaging.
  • Present comprehensive concepts and avoid diving into details.
  • Translate technical risk into business risk.
  • Remember, CEOs and the C-Suite are generally looking to see the bigger picture as it pertains to risk.

    More strategic communication tips for CISOs

  • When presenting metrics, be selective. Choose metrics that executives can easily understand and relate to.
  • When presenting risk, describe it as a business problem.
  • Show a framework for your thinking – for example, build stories around a few recent cyber security incidents.
  • Narrate the value of security.

Further thoughts

The CISO is now a digital business leader who drives key initiatives across an organization. In the past few years, as cyber security breaches have dramatically increased, CISOs have risen to the occasion – mastering a range of capabilities and competencies for increased effectiveness in this newly multi-dimensional role.

Nonetheless, communications with the C-Suite as they pertain to cyber security can still be a quandary for those who are new to it. What many often miss is that a serious disconnect between CISOs and executive-level leaders can result in a devastating and largely preventable cyber security breach. Leverage the tips outlined in this article to achieve cyber security success within your organization.

For more insights into the evolution of the CISO role, see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, exclusive interviews, expert analyses and security resources, please sign up for the CyberTalk.org newsletter.