Kudelski Security, the cybersecurity division within the Kudelski Group, has released a new research report, Cyber Board Communications & Metrics – Challenging Questions from the Boardroom, that features the perspectives of enterprise CISOs from large global organizations. The report features discussions and opinions on how security leaders have improved relationships and communication methods to better inform non-technical executive leaders, measure and report on security priorities, and increase organizational support for security initiatives. This includes the top questions CISOs face, as well as tips to improve presentations made to the board of directors.
This is the first executive research created in conjunction with Kudelski Security’s Client Advisory Council (CAC), a cybersecurity think tank made up of top-level information security leaders from global enterprises. “Kudelski Security’s Client Advisory Council is a gathering of some of the most knowledgeable and successful leaders in the security industry,” said Rich Fennessy, chief executive officer, Kudelski Security. “Working together we conducted extensive research to present the opinions and experiences of CISOs from organizations of all types to help the broader industry. Our belief is that we can all benefit from the shared experiences of proven leaders and learn how we can challenge the status quo to impact real change in our industry. We thank each of our Council members for their tireless support.”
For this research engagement, the Client Advisory Council focused on the need to enhance board awareness of the cyber challenges their organizations face, and on improving boards' confidence in the CISOs they have charged with their organization’s security. Through a lengthy and thorough process of industry surveys, focus groups and individual interviews, the CAC confirmed its hypothesis: CISOs need to better communicate programs and initiatives in a way that is meaningful to their counterparts and boards.
According to Kudelski, the key to helping boards understand cybersecurity is to understand what they really want to know when they ask the questions they do. The research report outlines a strategy to answer the five most challenging questions, including “Are we secure?” and “How does our security program compare to our industry peers?”, along with strategies, communication approaches and detailed advice on the best use of metrics.
“Communicating with a board is among the most challenging yet vital and impactful responsibilities a CISO could have,” said Almir Hadzialjevic, CAC member and Vice President, Enterprise Risk & Security, Aaron’s, Inc. “Most boards are made up of sophisticated leaders who, while being experts within their domain, simply do not speak ‘technology.’ Nevertheless, they have a strong understanding of the business, risks to the business, financial and reputational implications, and play a critical role in the effective oversight of the company’s cybersecurity program. This presents a unique challenge for a CISO trying to relay the vital importance of a robust and mature cybersecurity program, and the need for investment in it. A partnership between CISOs and their board of directors is crucial, and the effectiveness of any company’s security program depends on it.”