Cybersecurity Leaders Collaborate to Answer the Most Challenging Questions Asked by Board
July 2018 by Kudelski Security
Kudelski Security, the cybersecurity division within the Kudelski Group, announced the availability of a new research report, ‘Cyber Board Communications & Metrics – Challenging Questions from the Boardroom’, that features the perspectives of enterprise CISOs from large global organizations.
The report, which is available on Kudelski Security’s website, features discussions and opinions on how security leaders have improved relationships and communication methods to better inform non-technical executive leaders, measure and report on security priorities, and increase organizational support for security initiatives. This includes the top questions CISOs face, as well as tips to improve presentations made for the board of directors. This is the first executive research created in conjunction with Kudelski Security’s Client Advisory Council (CAC), a cybersecurity think tank made up of the best and brightest, top-level information security leaders from global enterprises.
“Kudelski Security’s Client Advisory Council is a gathering of some of the most knowledgeable and successful leaders in the security industry,” said Rich Fennessy, chief executive officer, Kudelski Security. “Working together we conducted extensive research to present the opinions and experiences of CISOs from organizations of all types to help the broader industry. Our belief is that we can all benefit from the shared experiences of proven leaders and learn how we can challenge the status quo to impact real change in our industry. We thank each of our Council members for their tireless support.”
For this research engagement, the Client Advisory Council focused on the need to enhance board awareness of the cyber challenges their organizations face, and on improving their confidence in the CISOs they have charged with their organization’s security. Through a lengthy and thorough process of industry surveys, focus groups and individual interviews, the CAC confirmed its hypothesis: CISOs need to better communicate programs and initiatives in a way that is meaningful to their counterparts and boards.
The key to helping boards understand cybersecurity is to understand what they really want to know when they ask the questions they do. This research report outlines a strategy to answer the five most challenging questions, including “Are we secure?” and “How does our security program compare to our industry peers?” along with strategies, communication approaches and detailed advice on best use of metrics.
Members of the Client Advisory Council include C-level and VP-level security leaders who provide insights and guidance on the solutions Kudelski Security innovates for their clients. The members come from large enterprises such as Aaron’s, Inc., AES Corporation, Blue Cross Blue Shield, Cerner Corporation, Technicolor and Zebra Technologies.
“Communicating with a board is among the most challenging yet vital and impactful responsibilities a CISO could have,” said Almir Hadzialjevic, CAC member and Vice President, Enterprise Risk & Security, Aaron’s, Inc. “Most boards are made up of sophisticated leaders who, while being experts within their domain, simply do not speak ‘technology.’ Nevertheless, they have a strong understanding of the business, risks to the business, financial and reputational implications, and play a critical role in the effective oversight of the company’s cybersecurity program. This presents a unique challenge for a CISO trying to relay the vital importance of a robust and mature cybersecurity program, and the need for investment in it. A partnership between CISOs and their board of directors is crucial, and the effectiveness of any company’s security program depends on it.”
The CAC will continue to support annual Kudelski Security CISO research initiatives aimed at spurring advancements in cybersecurity. These community-centered initiatives will focus on research related to specific CISO challenges – such as developing industry insights and best practices and standards – which will become published resources for the betterment of the industry.