Understand what to include in your security presentation for top executives.
Presenting the state of security to the board of directors is becoming the new normal for security and technology leaders. Boards bear the reputational and financial damage if a breach occurs. They need to understand what is happening in the threat landscape and what risks the business is facing.
Boards want to understand two things:
- the risks to the business
- how well the company is managing those risks
Board members are not security or technology professionals, so avoid the tactical components of your program. Instead, share how security dollars spent lead to outcomes like risk reduction, productivity achievements and new strategic undertakings. Boards want to know that risk is being managed and that the security program is aligned with the business’s goals.
It’s also important to explain your limitations and weaknesses. Make sure the board understands the new threats to your organization, your industry and the types of data you handle. Depending on your appetite for risk, this may require additional investments.
What not to include in your cybersecurity board presentation
- Acronyms and technical jargon
- Tactical plans that tell how security tools work
- A problem with no solution
- Metrics without measurement
- Data without business relevance
- Too much data!
What to include in your cybersecurity board presentation
- Business language, full names and descriptions
- Strategic plans that demonstrate why security is a means to a business outcome
- A realistic roadmap for improvement
- Replicable metrics that track trends
- Confidence-building stories about proactive plans and threats stopped
If your board hasn’t already added cybersecurity assessment to its agenda, it will. Gartner estimates that in 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.
As businesses become more digitally reliant, having a sound security strategy that includes the right talent, services and technologies is essential.
Watch our previously recorded webinar, Presenting Cybersecurity to The Board and C-Suite Like a Pro, where we went in depth on how to effectively report cybersecurity to top execs.