CISOs and the Board: communicating effectively


Do you find that CISOs find difficulty communicating business issues with top leadership?

"If you explain this as a technical issue you will get the attention that a purely technical issue might deserve."

Professor Marco Gercke, the founder of the CyberCrime Research Institute, talks to Jeremy Swinfen Green about how to make the Board sit up and take notice of cyber risks.

Marco Gercke will be speaking at the inaugural teissBenelux2020 cyber security summit, taking place online from 27 to 29 October 2020.

Video transcript:

Do you find that CSOs sometimes have problems in communicating these instances with top leadership?

Well, it's always depending on how you do it. When you're solely approaching this from a technical level and try to explain to people this is a technical issue, I think you will get the attention that a purely technical issue might deserve. However, if you're showing that this can be threatening to a whole company, and we've seen companies disappear because of cyber attacks, we can see that this can really threaten the core of the company. And that it is not only a minor technical thing that the computer systems might not work for a day or two but this can have severe impact and can ruin companies.

And I guess you will easily get the attention if you're making your case, if you're making a strong case by saying, OK, I'm going to show you what happened to competitors. It's this threat intelligence that is sometimes not there. What I would say it's fair to say is that companies do not like to talk about cyber attacks, so you will not necessarily know what happened to other companies that you can use as a theme and can show this happened to this our competitor. Let's do something.

Sometimes this information did not use to be out there. We're seeing that there is more and more sharing of this kind of information right now, so it makes it a little bit easier for those people who want to pitch the topic, but my suggestion would be try to make the case that this is not an isolated technical problem, and you want to have some funding for technical solutions, but say we need a holistic approach that involves the board and then I think you will get the buy-in. Especially we're realising that after going through those simulations usually they are the champion afterwards. They want to be the ambassador for this topic because they're realising it's so big and it affects them and therefore they want to take a proper response there.

Copyright Lyonsdown Limited 2021
