Inspire greater accountability in the boardroom with new KPIs and an effective security roadmap
Los Angeles, Calif. – Apr. 15, 2019
CEOs and other board members are more engaged in cybersecurity conversations than ever before.
In fact, I remember when CISOs carried the sole responsibility for security – now everyone around the table is accountable. CISOs aren’t just educating in the boardroom, as they once did.
Why? It’s no surprise that one of the biggest challenges an organization will face today is cybercrime. Every organization, big or small, runs the risk of being targeted by hackers. It’s just a matter of when.
Good news! The C-Suite has matured and is finally asking the right questions and holding their teams accountable for cybersecurity.
However, we need to remember that each person around that boardroom table has a slightly different perspective and different priorities:
- CEO – How can we recover from damage to the company’s reputation in the event of a breach? How will the credibility and overall business value suffer as a result of the breach?
- CFO – How will we fund ongoing cyber initiatives? Are we maximizing the value of our security investments today? What risks remain and what risks are we sharing with 3rd parties, including contractors, suppliers and customers?
- COO – Will the new security technology roll-out cause loss of business operations? If so, how long will operations be affected? Is the roadmap on schedule? How will we regain business operations in the event of a breach?
- CMO – How will our brand be impacted if the data breach goes public? How will we manage the crisis communications with our customers, investors, and rest of the organization?
At the end of the day, the C-Suite shares the same concerns regarding security risk and liability as the CISO, so it’s important to keep the lines of communication open and keep the board informed. After all – nobody wants to be blindsided!
As cybersecurity becomes more digestible for your C-Suite and board members, I recommend aligning on a security roadmap with your executive leadership team and developing KPIs that you can report on regularly. This way everyone is on the same page when it comes to security programming. The stakes are simply too high to manage security on a reactive or ad hoc basis.
If you don’t already have one, here’s a Sample Security Roadmap for Enterprises. It includes a questionnaire that is useful for developing your own roadmap, and Key Performance Indicators (KPIs) to keep your security program on track.
Bruce Schneier once said, “Security is a journey, not a destination.”
In cybersecurity, the only constant is change. By developing a strong security roadmap and a few key metrics, you can breathe a little easier knowing at least your organization has a plan in place.
To Your Success,
Originally posted on cybersecurityventures.com