Business Lab

As Cybersecurity Evolves, So Should Your Board



Executives need to clearly communicate risks but also bring context to data. Tech talk is out: speaking the same language will win the day.

It’s drilled into the heads of board directors and the C-suite by scary data-breach headlines, lawyers, lawsuits, and risk managers: cybersecurity is high-risk. It’s got to be on the list of a company’s top priorities.

But how many directors get lost in the technicalities of technology? The challenge for a chief information security officer (CISO) is talking to the board of directors in a way they can understand and support the company.

Niall Browne, senior vice president and chief information security officer at Palo Alto Networks, says that you can look at the CISO-board discussion as being a classic sales pitch: successful CISOs will know how to close the deal just like the best salespeople do. “That's what makes a really good salesperson: the person that has the pitch to close,” he says. “They have the ability to close the deal. So they ask for something.”

“For ages,” Browne says, CISOs have had two big problems with boards. First, they haven’t been able to speak the same language so that the board could understand what the issues were. The second problem: “There was no ask.” You can go in front of a board and give your presentation, and the directors can look like they’re in agreement, nodding or shaking their heads, and you can think to yourself, “Job done. They’re updated.” But that doesn’t necessarily mean that the business’s security posture is any better.

That’s why it’s important for CISOs to raise the board’s understanding to the level where they know what’s needed and why. Especially when it comes to new advances in cybersecurity, like attack surface management, which is “probably one of the areas that CISOs focus least on and yet is the most important,” Browne says. For example, “many times the CISO and the security team may not be able to see the wood from the trees because they're so involved in it.” And to do that, CISOs need a set of metrics so that anybody can read a board deck and within minutes understand what the CISO is trying to get across, Browne says. “Because for the most part, the data is there, but there's no context behind it.” 

This episode of Business Lab is produced in association with Palo Alto Networks.

Business Lab, by MIT Technology Review Insights
