
How Practitioners Can Share Their Security Expertise With the Board

Alex Campanelli | July 11, 2017

There’s no doubt that organizations understand the value of implementing strong cybersecurity programs and encouraging their third parties to do the same. As data breaches continue worldwide, 63% of those breaches are caused through a third party vendor, according to Soha Systems’ Third Party Advisory Group. As such, Boards of Directors realize the need to have security and risk practitioners such as Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) provide their expertise and guidance. In today’s landscape, cyber risks are at the front of Boards’ minds. This is why it is critical that security practitioners be in the room.

Here are three ways that security practitioners can get involved with Boards and help formulate a strong security program.

1. Stay up-to-date with current events and facilitate company alignment.

Major global breach events are taking place almost weekly and Boards want to know if their own organizations are at risk. It’s a security practitioner’s job to stay up-to-date with these events and understand how they could affect their business. For example, with the recent WannaCry or NotPetya/GoldenEye ransomware attacks, it is critical to know if either your organization or one of your third or fourth party vendors is affected. The Board of Directors needs to know how any event such as this can affect daily operations and revenue.

2. Regularly provide updates on an existing security program and measures.

It’s important for the Board to be regularly updated on your organization’s security posture in terms that they can understand and relate directly back to business value. Providing this visibility shows the Board the importance and effectiveness of a strong security program. This ensures that an organization’s security team and Board are aligned in terms of allocating resources and budget for any cybersecurity practices that are a priority.

3. Use a clear reporting tool to convey security metrics.

How security practitioners convey information to a Board needs to be clear and effective, without technical jargon. A solution like BitSight Security Ratings allows your organization’s Board of Directors to clearly understand your security posture and performance in relation to your industry peers, and to see this over time. By presenting easy-to-understand metrics to the Board, they can clearly get a sense of how their business is performing from a security and risk perspective.

Today, organizations are using BitSight Security Ratings to monitor third party risks, benchmark security performance, assess and evaluate merger and acquisition targets, underwrite cyber insurance, and effectively communicate security performance to upper level management to drive data-driven risk management practices. Since BitSight’s data is continuously updated, the Board can easily stay updated on the organization’s performance.

The job of the security practitioner is to empower the Board of Directors to properly understand and manage cyber risks. By staying up-to-date on current events, providing regular security program updates, and presenting metrics in a clear way, Board members will stay apprised of the organization’s security posture and act as both an ally and advocate for cybersecurity programs.

Watch this on-demand webinar to learn best practices from "superstar" CISOs and find out what top security leaders are doing to lead their companies successfully through some of today's most complex business and technology challenges.
