CISOs and the Board: communicating effectively

Do you find that CISOs find difficulty communicating business issues with top leadership?

“If you explain this as a technical issue you will get the attention that a purely technical issue might deserve.”

Professor Marco Gercke, the founder of the CyberCrime Research Institute, talks to Jeremy Swinfen Green about how to make the Board sit up and take notice of cyber risks.

Marco Gercke will be speaking at the inaugural teissBenelux2020 cyber security summit, taking place online from 27 to 29 October 2020. For free registration and more information, click here.

Video transcript:

Do you find that CSOs sometimes have problems in communicating these instances with top leadership?

Well it’s always, depending on how you do it. When you solely approaching this from a technical level and try to explain to people this is a technical issue, I think you will get the attention that a purely technical issue might deserve. However, if you’re showing that this can be threatening to a whole company, and we’ve seen companies disappear because of cyber attacks, we can see that this can really threaten the core of the company. And that it is not only a minor technical thing that the computer systems might not work for a day or two but this can have severe impact and can ruin companies.

And I guess you will easily get the attention if you’re making your case, if you’re making a strong case by saying, OK, I’m going to show you what happened to competitors. It’s this threat intelligence that is sometimes not there. What I would say it’s fair to say is that companies do not like to talk about cyber attacks, so you will not necessarily know what happened to other companies that you can use as a theme and can show this happened to this our competitor. Let’s do something.

Sometimes this information did not used to be out there. We’re seeing that there are more and more sharing of this kind of information right now, so it makes it a little bit easier for those people want to pitch the topic, but my suggestion would be try to make the case that this is not an isolated technical problem, and you want to have some funding for technical solutions, but say we need a holistic approach that involves the board and then I think you will get the buy in. Especially we’re realising that after going through those simulations that usually they the champion afterwards. They want to be the ambassador for this topic because they’re realising it’s so big and it affects them and therefore they want to take a proper response there.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]