• Home
• News

Conveying Your Security Needs to the Board in Six Minutes or Less

Nick Kathmann, LogicGate CISO

Ask any business leader what their top-level concerns are, and cybersecurity will almost certainly be at or near the top. The average cost of a data breach now sits at $5 million, and that number continues to tick upward with each passing year. Adding to the severity of security, the frequency of attacks is also rising. Ransomware attacks alone have risen more than 80% in the past year, highlighting that adversaries are still finding success with tried-and-true tactics. Phishing and other social engineering tactics are also on the rise as attackers adjust their strategies to focus on not just technology, but human beings as well.

With that in mind, you might expect CISOs to play a more prominent role in shaping the future of the business—but that isn’t always the case. My conversations with other CISOs have revealed that CISOs can generally expect to spend about six minutes speaking with corporate boards in a given quarter. That’s not a lot of time, which means CISOs need to make their points efficiently and effectively. GRC expertise with a Rolodex of security acronyms isn’t going to help — today’s CISOs must be able to speak to board members and other business leaders in language that resonates with them. However, with CEOs, COOs and other executives increasingly coming under fire when breaches happen, boards are starting to pay more attention to cybersecurity. CISOs must take advantage by making the most of their limited time with effective and informative messaging.