CISOs live and breathe risk every day. We combat malware, stop malicious insiders, and enforce compliance.
But being out of step with your board presents another kind of risk. If we can’t articulate the potential impact of security issues, they’ll probably continue to pose a threat. This is the quintessential challenge for CISOs and their boards: telling our security story at the right altitude to people who can support our vision. In this year’s CISO Report, we put this relationship under a microscope to find out what each thought about their other half. The survey confirmed a trend we’ve been seeing in recent years: CISOs are interacting more with boards.
However, there are still many areas of misalignment, including what skills are most important for CISOs to develop, how CISOs spend their time, and what strategies are effective in persuading our boards for additional budget. To bridge these gaps, CISOs will have to speak the same language as their boards. In my experience, that means getting a lot more face time with them and other company leaders to understand the business better and make security a business enabler. CISOs who can attach security to revenue and know what keeps the board up at night will demonstrate they have skin in the game and can offer solutions — not just problems they need the board to solve.
We hope that The CISO Report will be a resource for you to tell your story, bridge communication gaps, and earn the board’s support for your security program.

