How to Communicate the Value of Cyber Security to Board Members and Other Leaders

Cyber security protects computers, networks and digital assets that a society depends on for national security, economic health and public safety. It includes preventing unauthorized access, detecting and stopping cyberattacks and network security breaches as they happen, and ensuring that only authorized users can gain safe and timely access to the data and infrastructure they need.

To do this, cyber security tools and techniques use backups (multiple copies of files stored in different locations) to prevent data loss; firewalls to control which traffic may enter or leave a network; and forensic analysis to detect, understand and respond to breaches. Cyber security also involves educating end-users to avoid common mistakes, such as opening unexpected email attachments or plugging in unknown USB drives. Some of the newer technologies in this area include zero trust security, which requires every request, whether from inside or outside the network, to be verified before access is granted; automated theorem proving, to verify that critical algorithms and code behave as specified; and encrypted communication protocols.

The motives of attackers vary, from thrill-seekers to activists, from criminals seeking financial gain to nation states pursuing military or political ends. Many of these activities are now grouped under the term "cybercrime" and include hacking, phishing, denial-of-service attacks (overwhelming a service with a large volume of requests so that legitimate users cannot reach it), swatting (making a hoax emergency call so that armed police are sent to a victim's address) and malware.

Communicating these risks to board members and other leaders can be challenging: presentations are often filled with technical jargon or rely on FUD (fear, uncertainty and doubt). Quantifying cyber risk exposure in monetary terms, such as expected annual loss in dollars, gives business leaders a figure they can compare against other business risks and lets CISOs demonstrate the value of their investments in cyber security defenses.
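One way to turn "we are at risk of phishing incidents" into a dollar figure a board can weigh is a simple Monte Carlo loss model: treat incident frequency as a Poisson process and loss per incident as lognormal, simulate many years, and report the expected annual loss and tail percentiles with and without a proposed control. The example below is added here to illustrate that approach; it is not code from the article, and every number in it (incident rates, median loss, control cost) is a constructed, hypothetical scenario chosen only to make the arithmetic visible.

```python
import math
import random
import statistics

# Constructed scenario (hypothetical, not figures from the article):
# - Baseline: about 2 phishing-driven incidents per year.
# - Each incident costs a lognormal amount with median $150,000 (sigma 0.8).
# - Proposed control (e.g. MFA plus awareness training) cuts the rate to 0.5/year
#   and costs $120,000 per year to run.


def poisson_sample(rng, lam):
    """Draw one Poisson(lam) value with Knuth's method (fine for small lam)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p < limit:
            return k
        k += 1


def simulate_annual_losses(lam, median_loss, sigma, trials=20000, seed=1):
    """Return a list of simulated total losses, one entry per simulated year."""
    rng = random.Random(seed)          # fixed seed so results are reproducible
    mu = math.log(median_loss)         # lognormal median = exp(mu)
    losses = []
    for _ in range(trials):
        n_events = poisson_sample(rng, lam)
        year_total = sum(rng.lognormvariate(mu, sigma) for _ in range(n_events))
        losses.append(year_total)
    return losses


def summarize(losses):
    """Expected annual loss plus the percentiles boards usually ask about."""
    s = sorted(losses)

    def pct(p):
        return s[min(len(s) - 1, int(p * len(s)))]

    return {
        "expected_annual_loss": statistics.fmean(s),
        "p50": pct(0.50),
        "p95": pct(0.95),
        "p99": pct(0.99),
    }


def analytical_eal(lam, median_loss, sigma):
    """Closed-form expected annual loss: rate times mean of the lognormal."""
    return lam * math.exp(math.log(median_loss) + sigma ** 2 / 2)


def control_value(before, after, annual_cost):
    """Reduction in expected annual loss, net of what the control costs to run."""
    return (before["expected_annual_loss"] - after["expected_annual_loss"]) - annual_cost


def compare_controls():
    """Run the constructed scenario with and without the proposed control."""
    baseline = summarize(simulate_annual_losses(2.0, 150_000, 0.8, seed=1))
    with_control = summarize(simulate_annual_losses(0.5, 150_000, 0.8, seed=2))
    return {
        "baseline": baseline,
        "with_control": with_control,
        "net_benefit": control_value(baseline, with_control, 120_000),
    }


if __name__ == "__main__":
    result = compare_controls()
    for label in ("baseline", "with_control"):
        r = result[label]
        print(f"{label:13s} EAL ${r['expected_annual_loss']:,.0f}  "
              f"p95 ${r['p95']:,.0f}  p99 ${r['p99']:,.0f}")
    print(f"net annual benefit of control: ${result['net_benefit']:,.0f}")
```

The point for a board deck is the last line: a positive net benefit says the control pays for itself in expected loss, and the p95/p99 figures show how much of the tail it removes. The distributions and rates are the weakest part of any such model, so present them as explicit assumptions the board can challenge rather than as measured fact.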
