Opinions expressed by australiabusinessblog.com contributors are their own.
The explosive number of cybersecurity threats has forced every C-suite executive and board member to pay more attention to their cybersecurity hygiene. She, however do not share the same lens as they look at their information security attitudes. And here arises a broken connection.
A recent global survey of C-suite executives indicates that approx 71% of board members have serious knowledge gaps about cybersecurity and threats facing their organizations.
Whether we’re talking about data breaches that compromise sensitive business information or exploit consumer identities, executives and heads of information security (InfoSec heads) are already prepared for the worst. But senior management isn’t sure why they need to spend more on their cybersecurity budget.
While InfoSec chiefs often emphasize security and risk management as part of their job, board members often peg cybersecurity as part of their business, but hardly consider it one of the foundations of modern business success.
Related: Learn how to protect your business from cybersecurity risks
As a result, their communications are inconsistent and they are challenged to translate cybersecurity risks and potential business implications.
In short, as much as they are aware of cybersecurity risks and increasing threats, most board members fail to understand how cybersecurity and advanced technologies translate into underlying business risks.
So, what should be done on the part of an executive to translate the risks? Let’s figure it out.
Communicate cybersecurity risks through effective storytelling
The way you interact with your board members makes all the difference. And effective storytelling is undoubtedly the best way to convince them.
While storytelling is not a new concept as people have used it for centuries to convey a strong message, executives can harness its true potential to help process crucial information.
Stories have been part of our lives since childhood and several studies suggest that the human brain is programmed for stories. And a compelling story can ultimately evoke an emotional connection and change behavior and attitudes.
Now, as you talk to your leadership as you tell stories, make sure you’ve done your homework to support your story and make an impact. Otherwise it’s good for nothing.
Share some data and insights and talk about the latest tools and technologies that can be integrated into your processes and have a huge impact. In addition, displaying your competitor’s cybersecurity best practices can also help influence your board leaders.
You can also use case studies of organizations that neglected their overall cybersecurity hygiene, resulting in financial and reputational damage. This can be a great way to reinforce your opinion alongside the story you’ve created.
Related: Harness the power of storytelling to transform your business for the better
How to prepare for your meeting with board members
As a board member, you need to make sure you understand the mindset of your board in order to engage with them on an individual level. And it would be nice if you first knew how they view the importance of cybersecurity and threat management for the organization.
Once you understand their perspective, it’s time to create your action steps to get your message across and get them convinced that cybersecurity is an absolute necessity, not a luxury, for growing your business.
Here’s what you should do before starting a conversation with your board members:
- Inform them about the latest compliances: Most of the time, your senior management is unaware of the latest data privacy and security compliance. And this could be why they are not in favor of stretching their cybersecurity budget. You must inform them of the latest compliances and the consequences of non-compliance. A good example is non-compliance with the General Data Protection Regulation (GDPR), which ultimately led to hefty fines and reputational damage.
- Board member background investigation: Researching your board members’ backgrounds can be the first step to understanding their mindset and approach to overall business growth. Analyze their past experiences, educational background and personality to ensure you hit the right note while convincing them of cybersecurity and underlying risks.
- Learn their goals and priorities: Another critical step is to learn about your leader’s priorities and goals. Do they often think about organizational growth without increasing the overall security budget? Do they keep cybersecurity a part of their business, but not a priority? Is there a way they can be related to the growth of the organization through cybersecurity best practices for customers and employees? Once you’ve figured out these questions, the next step is to describe your version of information security and its direct impact on growing your business. And for this you can use the latest statistics, competitor data and data related to the latest breaches.
And ultimately, your C-suite executives would be convinced, like everyone else, that cybersecurity hygiene is undeniably a fundamental aspect of their business. It’s your responsibility to make sure you’re on the right track and telling the right story that makes them relate and act.
Related: Cybercrime could cost the world $10.5 trillion a year by 2025
The role of the modern manager is undoubtedly predominantly people-oriented. And getting caught between highly technical IT staff and leadership focused on growth while making cybersecurity-related decisions can be an uphill battle.
However, the key to business success without compromising security lies in integrating advanced technology that drives growth, builds customer confidence, and maintains compliance.
And a modern executive must navigate business success by convincing board members of the need for cybersecurity best practices to jump on the digital transformation bandwagon.