How to Deliver Information Security to the Boardroom

Board members need to be aware of the cyber-security risks facing their company to ensure they steer the organisation in a secure direction. But it’s not always easy.

Cybersecurity has traditionally been a domain dominated by technologists working in remote server rooms. With the aftershocks of mega security breaches such as Equifax and Colonial Pipeline, however, it is now evident that cyber security is a real business risk that affects every aspect of an enterprise.

Boards are now demanding more from their CISOs and their security teams. Whether the issue is increasing the amount of money spent on new technologies or ensuring that staff receive proper training, board members require an unambiguous and convincing understanding of how a well-trained security team can guard against the most sophisticated threats. This message must be conveyed to executives in the boardroom who are not technical.

A good way to do this is to align security goals with the business objectives and to use real-time metrics. By distributing regular reports that highlight the progress of your security measures, a decreasing risk index, and other important metrics, you will be able to provide the board with the information they need to drive decision making. Tell a compelling story instead of simply passing on numbers. If you can, share a real-life example of how the quick actions of your team averted a major threat, and show your board that they are being protected and that their efforts are having an impact.
