
How to Talk to Executives about Cyber Security

19 January 2017

IT Security, Risk Management

Despite the constant stream of data breaches, Chief Information Officers (CIO), Chief Information Security Officers (CISO) and risk managers continue to struggle to get the attention of their senior executives and board members on the topic of cyber security risk management. Senior executives frequently lack the technical knowledge necessary to fully grasp how vulnerable their organizations are in today’s highly connected business world. In addition, they may not understand how a seemingly minor cyber security incident can quickly escalate into an event that has significant, far-reaching negative consequences for their organization. Loss of revenue, loss of productivity, and brand damage are just a few of the potential effects of a data breach. Despite this challenge, it is incumbent on CIOs, CISOs and risk managers to continue to raise awareness about cyber security within their organizations to ensure that senior executives appropriately understand the significant risks that external and internal threats pose.

COMPASS team members are often asked to speak about cyber security with executives and board members to raise awareness and improve their understanding of potential risks. There are several successful approaches we have taken over the years to efficiently and effectively raise executive cyber security awareness. It is particularly rewarding when we are asked to speak with an executive who is highly skeptical about their organization being a target and, by the end of the meeting, they have a new appreciation, understanding, and sense of urgency. Some of the lessons that we have learned and best practices that we leverage include:

  • Make it personal and focus on risks that are relevant to the organization and its industry,
  • Speak in terms of enterprise risk management and minimize use of technical terminology,
  • Tailor the discussion to the unique environment of the organization,
  • Tailor it to the audience and their role(s) (e.g., Chief Executive Officer, Chief Financial Officer, General Counsel),
  • Use the interaction as an opportunity to educate and raise awareness,
  • Use data breach examples that are relevant but do not overuse them.

Organizations continue to invest at a rapid pace in technology that enables them to gain competitive advantages and increase productivity. Cloud computing, the Internet of Things, and mobile devices are a few of these technologies. Each new technology presents unique challenges and risks to the adopting organization. Senior executives and board members must understand the full set of cyber security risks that each technology presents. Without understanding the “big picture” of their organization’s unique cyber security threats, it will be difficult for them to understand the potential impact.

If your organization would like to discuss its unique cyber security threats and risk exposure, please contact COMPASS at 667-401-5108.
