Most Boards today know that cybersecurity is a critical issue that simply cannot be overlooked — which means many Boards today receive regular briefings on the topic. If you’re a new CIO or CISO (or your organization has just begun this practice) it’s absolutely critical that you establish credibility when you present to your Board of Directors. If you’ve been asked to present and you’ve never briefed a Board of Directors on cybersecurity before, your questions are going to be far different than they would be if you had seven or eight presentations under your belt. So below, we’ve detailed some of the topics you should include in your cybersecurity Board of Directors presentations — for both first timers and seasoned presenters.
If this is your first presentation to the Board, your goal should be to provide a very high-level overview. You’ll want to give a short background on cybersecurity, what it means, and why you (and your department) should be concerned. It’s extremely important to speak in a language that the Board can understand — which means cutting out any technical jargon. Instead, talk in terms of risk management, stock price, and bottom line.
Below are some of the topics you may want to cover in your first presentation:
Now that you’ve completed your first cybersecurity presentation to the Board of Directors, your goal should be to continuously educate the Board on critical issues. This means your focus for these presentations should shift, as the Board should be briefed on the effectiveness of the risk management tactics you’re employing. In other words, the Board should know where you are succeeding, how you are succeeding, and any areas that need strategic improvement.
Here are some topics you should focus on in your ongoing presentations to the Board:
Knowing the right points to brief the Board on is critical, but there’s much more to an effective cybersecurity Board of Directors presentation. Download our ebook to learn how to take a risk-based approach to cybersecurity reporting.
© 2021 BitSight Technologies. All Rights Reserved.