Business Lab

As Cybersecurity Evolves, So Should Your Board



Executives need to clearly communicate risks but also bring context to data. Tech talk is out: speaking the same language will win the day.

It’s drilled into the heads of board directors and the C-suite by scary data-breach headlines, lawyers, lawsuits, and risk managers: cybersecurity is high-risk. It’s got to be on the list of a company’s top priorities.

But how many directors get lost in the technicalities of technology? The challenge for a chief information security officer (CISO) is talking to the board of directors in a way they can understand and support the company.

Niall Browne, senior vice president and chief information security officer at Palo Alto Networks, says that you can look at the CISO-board discussion as being a classic sales pitch: successful CISOs will know how to close the deal just like the best salespeople do. “That's what makes a really good salesperson: the person that has the pitch to close,” he says. “They have the ability to close the deal. So they ask for something.”

“For ages,” Browne says, CISOs have had two big problems with boards. First, they haven’t been able to speak the same language so that the board could understand what the issues were. The second problem: “There was no ask.” You can go in front of a board and give your presentation, and the directors can look like they’re in agreement, nodding or shaking their heads, and you can think to yourself, “Job done. They’re updated.” But that doesn’t necessarily mean that the business’s security posture is any better.

That’s why it’s important for CISOs to raise the board’s understanding to the level where they know what’s needed and why. Especially when it comes to new advances in cybersecurity, like attack surface management, which is “probably one of the areas that CISOs focus least on and yet is the most important,” Browne says. For example, “many times the CISO and the security team may not be able to see the wood from the trees because they're so involved in it.” And to do that, CISOs need a set of metrics so that anybody can read a board deck and within minutes understand what the CISO is trying to get across, Browne says. “Because for the most part, the data is there, but there's no context behind it.” 

This episode of Business Lab is produced in association with Palo Alto Networks.


Business Lab, by MIT Technology Review Insights
