Strategies for Expressing Cyber Risk in Language Suitable for Executive Discussion
In today's digital age, whether an organization is a potential target for cyberattacks is a pressing concern for corporate stakeholders. Their interest extends beyond the risk calculus of technology stacks; stakeholders want to understand the specific risk calculus that applies to their own organizations.
Understanding the board's perspective is crucial in this context. The Chief Information Security Officer (CISO) and board members approach the subject from different perspectives, so the CISO's role may not always align with theirs. However, effective storytelling can help bridge this gap.
Storytelling, a fundamental communication vehicle that precedes the written word, is an effective way to help board members process, relate to, and act upon information. Neuroscience research indicates that human brains are wired for stories, and certain story formats can affect brain chemistry. By using analogies and making cybersecurity stories relatable and memorable, CISOs can align them with the board's interests and measure risks in terms they understand.
To craft powerful stories, it is beneficial to understand what matters to the board and the currency of their thinking. This can be achieved by leveraging public company resources, such as reading the 10-K report, and researching board members' backgrounds. For instance, understanding that Dr. Susanne Gebauer is a CEO of a vocational training organization, Kathrin Jackel-Neusser has management experience in medical and youth advocacy associations, and Dr. Alice Melchior focuses on research, innovation, and AI projects, can provide insights into their interests, passions, and professional history.
Establishing relationships with individuals who are especially passionate about technology or cybersecurity can also help. Asking for personal introductions or leaning on your boss and other senior leaders in your internal network can provide first-hand impressions and insights about the board. Informal conversations with these individuals can offer insights about the board dynamics before formally meeting with the entire group.
Moreover, the individual backgrounds and specific interests of board members vary by organization. Other boards may include political figures, industry leaders, or association executives, each bringing their own agendas related to governance, policy, or sectoral focus. A clear understanding of these backgrounds helps tailor communication and align interests within board discussions.
In conclusion, the heightened role of CISOs in organizations, given recent high-profile cyberattacks, requires effective communication with the board. By using the art of storytelling, CISOs can ensure that their messages are not only heard but also understood and acted upon by the board, ultimately safeguarding the organization from potential cyber threats.