If you’re a SaaS CIO/CISO new to the role, you may be asking yourself this question. Here are some tips to help you out.
Most CIO/CIOs will tell you that their board considers cyber risk to be a top priority.
3 Tips for what to tell the Board
- Tell the company cyber story
- Present high-level data, simplified with charts
- Metrics reflect how well you have aligned cyber risk to the business objectives
- Never bring a problem without a recommendation
Tell the company cyber story. Whatever you take to the Board needs to tell the story of what you and everyone else are doing to manage and reduce the risk to the organization. Did you catch how I added “and everyone else”? That part is important because no one can do this alone. This is everyone’s story. Make it a good one. Don’t hesitate to shine the light on good efforts. Demonstrate the progress, and everyone will appreciate your report more.
Present high-level data, simplified with charts. Executives don’t want or need data heavy charts. If you want to communicate effectively, you’ll make the focus on what your presentation represents rather than making it a detailed report you read to them. Simple, clean accurate. You want this to be a conversation with their focus on what you are telling them. Do this, and be prepared to answer questions.
Metrics reflect how well you have aligned cyber risk to the business objectives. If you’re not talking about business objectives, you might want to rethink what you’re presenting. If you want buy-in and support you’re more Likely to get that when you’re focused on what’s also important to the Board.
Never bring a problem without a recommendation. This doesn’t mean you have a ready-made solution; it means you are making recommendations to the Board for their consideration. The Board has the decision-making responsibility. It’s your responsibility to make that decision as easy as possible by providing all the relevant information in an easy-to-understand delivery.
Charlene Deaver-Vazquez -Helping new CIO/CISO measure, manage and communicate risk. Schedule a quick chat https://www.fismacs.com/contact