Clearing the Air On Cyber Risk

Published on April 18, the inaugural Cyber Balance Sheet Report is already making waves within the cybersecurity community. The Report illuminates the most significant communication barriers between cybersecurity professionals and the top decision makers within a company, finding that there is still a long way to go until both parties start speaking the same language. The early popularity of the Report only underscores this fact - CISOs are all too eager to figure out better ways of getting through to skeptical boards.

What are CISOs and Boards disagreeing on? Take a look at a few of the most pressing communication challenges highlighted in the Report:
  • Conveying the value of security - CISOs overwhelmingly reported that they struggle to get the Board to invest more in their programs, citing the difficulty of communicating security in business terms.
  • Lack of confidence from the board - The vast majority of CISOs report confidence in their security program, while the vast majority of Boards feel the opposite, citing CISOs' inability to consistently deliver on projections.
  • Meaningless metrics - CISOs reported relying on day-to-day metrics like security incidents and system defects, while Boards are more interested in the big-picture outcomes of security.
The graphic below illustrates 5 of the 10 key tips for how CISOs can more effectively talk about cyber risk with the Board:
 

The Cyber Balance Sheet Report is sponsored by Focal Point Data Risk and independently researched by the Cyentia Institute. The Report comes as a result of the first annual Cyber Balance Sheet Summit that was held in New York City in January 2017.
