CISO, The Board, and Cybersecurity – Enough Said! – BSW #299

The cybersecurity industry has understood for more than ten years the need for clear communication with the board of directors. However, chief information security officers (CISO) often face a challenge as they do not have a platform designed to measure their return on investment (ROI). This can make it difficult to demonstrate their value to the business.

U.S. companies face a wide array of issues potentially impacting their ability to borrow money. In recent months, a banking crisis and high interest rates have stretched some companies thin, leading to layoffs and decreases in spending.

At the same time, credit rating agencies, which assess companies’ ability to pay back borrowed money, are increasingly factoring in cybersecurity as part of their credit assessment criteria as they try to get a handle on the risks companies face.

CFOs have heard from CISOs the doom-and-gloom predictions of the potential fiscal disaster of data breaches so often that it's no longer resonating with them.

The doomer scenario is not hypothetical — global compliance requirements and privacy regulations drive the cost of a breach even higher than just the technical costs. However, CFOs and other C-level executives have heard these warnings so often now that it's just background information that doesn't drive their decision-making.

Is there a more effective way to help the CFO understand why security needs to be far better funded? Yes: Present the CFO with a shared-risk scenario.

CISOs have the title and nothing else. When you hear other titles like CEO, CMO, and CTO, you know that the people who hold those titles are on the senior executive team. When you hear CISO or CSO though, you might assume those people are part of the executive staff but that isn’t the case at all. There are exceptions, but in the best circumstances, those people are senior vice presidents in charge of cybersecurity, usually buried in the leadership bureaucracy one or more levels down. In other less than ideal circumstances, they don’t even have the CISO title and are managers or directors of security, but when they announce themselves at parties, they say something along the lines of like, “I don’t have the title but I’m essentially the CISO.”

Leadership is the ability of an individual or a group of people to influence and guide followers or members of an organization, society or team. Leadership often is an attribute tied to a person's title, seniority or ranking in a hierarchy. However, it's an attribute anyone can have or attain, even those without leadership positions. It's a developable skill that can be improved over time.

In today’s rapidly evolving business landscape, building a skilled and high-performing team is crucial for success.

This article will discuss how to develop highly effective and skilled teams via networking, unique connectivity, and communication skills.

We will also explore examples, books, and additional resources that can help improve your networking and communication skills, leading to the formation of highly skilled teams.