CISOs and the Board: communicating effectively

Do you find that CISOs find difficulty communicating business issues with top leadership?

“If you explain this as a technical issue you will get the attention that a purely technical issue might deserve.”

Professor Marco Gercke, the founder of the CyberCrime Research Institute, talks to Jeremy Swinfen Green about how to make the Board sit up and take notice of cyber risks.

Marco Gercke will be speaking at the inaugural teissBenelux2020 cyber security summit, taking place online from 27 to 29 October 2020. For free registration and more information, click here.

Video transcript:

Do you find that CSOs sometimes have problems in communicating these instances with top leadership?

Well it’s always, depending on how you do it. When you solely approaching this from a technical level and try to explain to people this is a technical issue, I think you will get the attention that a purely technical issue might deserve. However, if you’re showing that this can be threatening to a whole company, and we’ve seen companies disappear because of cyber attacks, we can see that this can really threaten the core of the company. And that it is not only a minor technical thing that the computer systems might not work for a day or two but this can have severe impact and can ruin companies.

And I guess you will easily get the attention if you’re making your case, if you’re making a strong case by saying, OK, I’m going to show you what happened to competitors. It’s this threat intelligence that is sometimes not there. What I would say it’s fair to say is that companies do not like to talk about cyber attacks, so you will not necessarily know what happened to other companies that you can use as a theme and can show this happened to this our competitor. Let’s do something.

Sometimes this information did not used to be out there. We’re seeing that there are more and more sharing of this kind of information right now, so it makes it a little bit easier for those people want to pitch the topic, but my suggestion would be try to make the case that this is not an isolated technical problem, and you want to have some funding for technical solutions, but say we need a holistic approach that involves the board and then I think you will get the buy in. Especially we’re realising that after going through those simulations that usually they the champion afterwards. They want to be the ambassador for this topic because they’re realising it’s so big and it affects them and therefore they want to take a proper response there.

Copyright Lyonsdown Limited 2021

Top Articles

Double trouble: the rising threat of double-extortion ransomware

Ransomware attackers continue to threaten businesses at an increasing scale, speed and sophistication.

The blurring line between nation-state and cyber-criminals

Russia is widely known to be involved in a plethora of cyber-criminal activity.

XDR: Delivering value where SIEMs fail

Implementing an XDR solution means faster detection, and remediation of cyber incidents

Related Articles

[s2Member-Login login_redirect=”” /]