
With high-profile data breaches and cyber incidents capturing headlines almost weekly, business leaders are getting a front-row seat to the impact that cybersecurity can have on an organization’s bottom line. CEOs and Boards of Directors are growing increasingly concerned about the risk that poor cybersecurity posture poses to the enterprise in general. CISOs must deliver effective reporting to senior leadership, but business-side leadership needs to be prepared to ask for what they need.

Rolling Cybersecurity Risk Into Overall Risk

For the business-side leaders that I’ve spoken with, the greatest challenge is understanding how this new configuration of cyber threats fits into the existing risk profile of the enterprise. CEOs and board members are incredibly adept at managing other forms of risk, yet cyber risk management appears to be a whole different challenge. Managing cyber risk as part of the organization’s overall risk profile, though, need not be as daunting as some think it is.

What To Ask Of Your CISO

As CEOs begin engaging more with their information security leaders, they need to make sure they’re asking for the right information to ensure success for both parties. Just as a CFO can produce financial risk models to empower decision making, so too can CISOs develop cyber risk models that do the same. The biggest thing that business leaders need to emphasize in this conversation is ensuring that their CISOs are employing the right risk modeling frameworks to be of value to both technical and non-technical stakeholders. There are multiple cyber risk frameworks out there, but any framework is only as good as the decisions it helps facilitate.

Security Posture and Incident Response

In today’s world, breaches and incidents are a matter of when, not if. Whether looking at Marriott or Equifax, the world turns to the CEO when these incidents occur and expects answers. Traditionally, cybersecurity programs have been secluded and misunderstood by business leaders. The more I speak with business leaders, the more I’ve seen that the more cyber is siloed without engagement from senior and business-side management, the greater the negative impact when a breach does occur. In varying degrees, oversight of cyber risk must be rolled up to the CEO and the Board, with the more technical CISO guiding a cybersecurity strategy that empowers business growth.

What CEOs Need

CEOs and senior-level business leaders need to not only be aware of their organization’s cybersecurity program but also have a high-level sense of the effectiveness of the organization. Whether in the form of an Executive Risk Report or otherwise, business leaders must be able to understand the overall cybersecurity posture of the enterprise.

It’s Not Just In The Event Of A Breach

CEOs and other senior leaders are nine times more likely to be the target of a social cyber attack. When commenting on the recent Verizon report, CyberSaint CEO George Wrenn said:

The drastic increase in social attacks on C-level personnel points to the increased demand for cybersecurity awareness in the C-suite. More and more we are seeing information security leaders brought into business side discussions to provide cyber-focused insights and feedback on business strategy. The flywheel effect at work – involvement of cyber leaders and increased awareness in the executive suite – has an ongoing positive effect, a necessary change given that personnel, as well as systems, are under attack.

CEOs and business leaders need to be cyber aware not only in the event of a breach but also because they are a highly targeted point of entry for a breach or worse.

Understanding Cyber Is Paramount To Business Success

The greatest risk facing many business leaders today lies in cybersecurity - as all organizations are faced with embracing new technologies to survive, CEOs can no longer be cyber unaware. The first step is engaging with information security leaders within your organization - start with the risks that can impact you specifically (phishing, for example), and expand your knowledge further. In tandem, collaborate with your CISO to ensure that the cyber risk metrics that they deliver fit into your existing risk structures for other facets of the enterprise - they want to deliver value as much as you want the information. In all, ensure that your organization is performing and secure while also knowing how to measure those success metrics.
