Educating Your Board of Directors on Cybersecurity
Thus, presenting a sky-is-falling scenario to justify a fatter security budget “does not resonate at the board level,” she said in her talk. “Board members must be very optimistic; they have to believe in the vision for the company. And to some extent, they don’t always deal with the reality of what the situation really is.”
bacohido • Best Practices Q&A: Guidance About What Directors Need to Hear From CISOs — From a Board Member
Remember, it's about people, processes, and technology. Technology provides the data; processes are the glue that brings it together and makes cybersecurity part of the business process. And the people element is about taking the organisation on a journey. We need to present our KPIs in a way the organisation will understand to stakeholders who are ...
Rapid7 • Building Cybersecurity KPIs for Business Leaders and Stakeholders
The simpler you can convey it, the better. Too often, cybersecurity professionals get mired in technical jargon only to lose their audience. “Be clear, unambiguous, and direct,” Noaman advises. “If you’re up front and say exactly what you need to do and put in terms of the why, you don’t have to explain the technical things, because now everyone ge ...
CSO Online • How Leading CISOs Build Business-Critical Cyber Cultures
To achieve cyber resilience, it is crucial for organizations to align their cybersecurity priorities with their overarching business objectives. Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), emphasizes the need for security leaders to frame risks in relatable business terms and provide metrics that demons ...