
With high-profile data breaches and cyber incidents capturing headlines almost weekly, business leaders are getting a front-row seat to the impact that cybersecurity can have on an organization’s bottom line. CEOs and Boards of Directors are growing increasingly concerned about the risk that poor cybersecurity posture poses to the enterprise as a whole. CISOs must deliver effective reporting to senior leadership, but business-side leadership needs to be prepared to ask for what they need.

Rolling Cybersecurity Risk Into Overall Risk

Among the business-side leaders I’ve spoken with, the greatest challenge is understanding how this new set of cyber threats fits into the existing risk profile of the enterprise. CEOs and board members are incredibly adept at managing other forms of risk, yet cyber risk management appears to be a whole different challenge. Managing cyber risk as part of the organization’s overall risk profile, though, need not be as daunting as some think it is.

What To Ask Of Your CISO

As CEOs start engaging more with their information security leaders, they need to make sure they’re asking for the right information to ensure success for both parties. Just as a CFO can produce financial risk models to empower decision making, so too can CISOs develop cyber risk models that do the same. The most important thing for business leaders to emphasize in this conversation is that their CISOs employ risk modeling frameworks that are of value to both technical and non-technical stakeholders. There are multiple cyber risk frameworks out there, but any framework is only as good as the decisions it helps facilitate.

Security Posture and Incident Response

In today’s world, breaches and incidents are a matter of when, not if. Whether looking at Marriott or Equifax, the world turns to the CEO when these incidents occur and expects answers. Traditionally, cybersecurity programs have been secluded and misunderstood by business leaders. The more I speak with business leaders, the clearer it becomes that siloing cybersecurity away from senior and business-side management magnifies the negative impact when a breach does occur. In varying degrees, oversight of cyber risk must be rolled up to the CEO and the Board, with the more technical CISO guiding a cybersecurity strategy that empowers business growth.

What CEOs Need

CEOs and senior-level business leaders need not only to be aware of their organization’s cybersecurity program but also to have a high-level sense of how effective that program is. Whether in the form of an Executive Risk Report or otherwise, business leaders must be able to understand the overall cybersecurity posture of the enterprise.

It’s Not Just In The Event Of A Breach

CEOs and other senior leaders are nine times more likely to be the target of a social cyber attack. Commenting on the recent Verizon report, CyberSaint CEO George Wrenn said:

The drastic increase in social attacks on C-level personnel points to the increased demand for cybersecurity awareness in the C-suite. More and more we are seeing information security leaders brought into business side discussions to provide cyber-focused insights and feedback on business strategy. The flywheel effect at work – involvement of cyber leaders and increased awareness in the executive suite – has an ongoing positive effect, a necessary change given that personnel, as well as systems, are under attack.

CEOs and business leaders need to be cyber aware not only in the event of a breach, but because they are a highly targeted point of entry for a breach or worse.

Understanding Cyber Is Paramount To Business Success

The greatest risk facing many business leaders today lies in cybersecurity: as all organizations are faced with embracing new technologies to survive, CEOs can no longer be cyber unaware. The first step is engaging with the information security leaders within your organization. Start with the risks that can impact you specifically (phishing, for example), and expand your knowledge from there. In tandem, collaborate with your CISO to ensure that the cyber risk metrics they deliver fit into your existing risk structures for the other facets of the enterprise; they want to deliver value as much as you want the information. In all, ensure that your organization is performing and secure, while also knowing how to measure those success metrics.
