For cybersecurity professionals, talking to the company board is one of the trickiest challenges they face – and a new survey has shown that directors rank dealing with cyber security issues as their most intractable challenge.
We touched on this subject in some detail in our webinar in December – Why clear goals and a people-first approach lead to secure transformation – and it’s fascinating to see our perspective reflected from the other side of the boardroom table.
In a blog based on the webinar, Stratia Cyber’s Senior Cyber Security Analyst Jon Stevens explained the difficulties of talking to the board – and admitted that he recently removed the word ‘cyber’ from a job description in order to find someone who could speak to the board in plain English.
The most challenging issue
Research by SaaS governance company Diligent found that 38% of directors identify cyber risk as the most challenging issue they oversee – and the research shows that this has remained the case for almost a decade.
In this year’s interview with business leaders, cyber security ranks as the most difficult issue for directors overall, ahead of digital transformation at 35% and capital allocation at 30%.
For the business leaders surveyed, cyber security remains among their top priorities, with 32% saying that improving cybersecurity is a priority (although in fairness, this is dwarfed by the 60% of those interviewed in Diligent’s research who prioritise growing revenues).
The research also found that directors were ‘concerned’ over American rules on cybersecurity disclosures, with 59% bringing in consultants or external experts to handle the problem.
Diligent commented, “What’s interesting in this space, however, is the fact that year after year directors continue to rank cybersecurity as one of the most challenging issues to oversee—that’s been the case since we started noting the issue rising in the ranks of board priorities back in 2014, nearly a decade ago.”
The importance of plain language
For professionals in this space, it’s all about talking clearly, in plain language and making sure your voice is heard.
In our blog, Jon explained the importance of good communication for cyber security professionals – and that effective communication with the board is paramount.
Jon said, “Ultimately, if you can convince the board to do something, they will cascade the message down to everyone within the organisation.
“But that relationship you’re going to have with them is a very fragile beast – and the very worst thing you can do is go in and speak geek. You must speak their language and explain cyber security risk in terms that the Chief Financial Officer can understand.”
Using clear, non-technical language is key to relieving directors’ anxieties around cyber security – and to securing buy-in and support for cybersecurity initiatives.
At Stratia Cyber we pride ourselves on always delivering information in plain English, so the directors of companies we work with can deal with cybersecurity quickly and effectively.