Imagine that boards are from Mars and CISOs are from Venus. Well, one day not that long ago, a board of directors got on a rocket ship that left Mars and flew to Venus. When the board landed, it met a CISO, and they formed a beautiful bond with a shared passion for business.
They got along great; the CISO kept the board safe, and the board made sure their rocket ship was on a clear path. Things were going so well that they couldn’t remember what life was like before they found each other.
Total Economic Impact™ study
Learn how customers who implemented the SecurityScorecard Ratings and Atlas platforms were able to achieve a 198% ROI over three years based on our commissioned Forrester Consulting’s Total Economic Impact™ study.
Service Providers
- Expand your security portfolio and professional services with integrated reference architectures.
- Protect your customers with comprehensive security visibility.
- Integrate and certify your product-and-services delivery.
- Grow your business and deepen your customer relationships.
- Gain access to joint marketing opportunities with SecurityScorecard.
Use this template to build a deck that will make you look like a champion when you report to the board on the effectiveness of your security program.
Key Strategies for Cybersecurity Board Meetings
According to Forrester Research: Building a strong security culture is no easy task; it requires strategy, vision, people, and the right attitude to change behavior and set a cultural shift in motion.
CISOs can use a catalog of activities to move beyond online training courses and more effectively engage the hearts and minds of executives and the board, whose advocacy sets the tone from the top and is crucial to security’s funding and success.
This report highlights some of the best influence and engagement activities that security leaders around the world use to engage and influence a culture of security among execs and boards:
- Strategies used by global security leaders to cultivate a security-conscious culture among executives
- A one-page infographic to communicate security best practices
- Questions that boards and risk committees will ask about cybersecurity
Access the Forrester Report.
Speakers:
Jasper Ossentjuk, Nielsen IQ
Anna Sarnek, SecurityScorecard
Tom Bechtold, SecureWorld
Cyber risk is not just a security issue, it’s a business issue.
As a result, it’s rightfully become an executive level discussion topic. That said, security teams often need help articulating risks in business and financial terms required to gain the attention of CEO and Boards.
Translating cyber-risk into financial risk creates a meeting of the top minds that accelerates business decision-making. Proving the effectiveness of a security program and justifying the budget in this way makes CISOs look like champions. Moreover, alignment of security leaders and top business stakeholders maximizes resources and sets expectations for how an effective security posture can enable business growth by building trust and defending against costly cyberattacks.
In this presentation, you will learn:
- Why traditional risk quantification methods are not working for cyber risk
- Use cases for cyber risk quantification
- How security ratings data combines with risk modeling to drive actionable conversations on cyber risk
Cybersecurity in the Board Room Academy Course
Jasper Ossentjuk, NielsenIQ
While technical talk resonates with security professionals, it’s the language of profit and loss that resonates with boards. Cyber professionals who interact with the board would do well to communicate in terms that are more quantifiable and tailor their language to what resonates with that audience: How much risk a security program will mitigate – in dollars and cents.
For more watch the full webinar.
Anna Sarnek, SecurityScorecard
As an organization comes to an understanding of how much risk it’s willing to accept, risk quantification and decision analytics enables a clear understanding of ROI in financial terms.
This allows the conversation to shift from talk of throwing money at the problem and hoping for the greatest return to an understanding of risk mitigation and whether the organization is willing to accept the level of risk. The next step is exploring risk transfer via cyber insurance.
For more watch the full webinar.
Jasper Ossentjuk, NielsenIQ
When CFOs present to the board, they generally don’t have to start with Finance 101. Boards tend to have an understanding of quarterly results, the yearly forecast, and the stock price. But CISOs need to deliver a two-part message including both foundational technical information and cybersecurity risks framed within a financial context. Telling the board that there are a lot of unpatched vulnerabilities, for example, doesn’t do anyone much good. It’s more effective to use financial benchmarks or even metaphors to convey cyber risk in terms that will resonate with the audience.
For more watch the full webinar.
Anna Sarnek, SecurityScorecard
Even as technical representation becomes more common on Boards, the list of security remediation recommendations can be overwhelming. One of the many ways that CISOs bring value is by prioritizing which actions to take. Moreover, they can put these remediation activities in the context of the financial and operational impact to the business.
For more watch the full webinar.
Jasper Ossentjuk, NielsenIQ
When a breach happens, the “blame game” of firing the CISO or CIO falls short of creating the right accountability. Having cyber expertise on the board and a process by which cyber risk is discussed at board level encourages shared accountability in leadership with a goal toward proper investment, proper governance, improved control environments, and stronger security programs.
For more watch the full webinar.
