When communicating with high-level company executives and board members about cybersecurity issues, experts advise brevity and clarity—and emphasizing the bottom line.[1]
“When it comes to cybersecurity, one of the things that’s definitely helpful when presenting to executives and the board is to talk through cybersecurity not as an IT [information technology] issue but as something that’s critical for the business and critical for risk management,” said Teju Shyamsundar, senior product marketing manager at Okta Inc. in San Francisco.
Shyamsundar has three recommendations:
-
Take a data-driven approach to your recommendations to show how cybersecurity is affecting various parts of the business.
-
Align with industry standards for security.
-
Use reports and peer insights to identify what other organizations in your industry are doing to address cybersecurity. “You don’t need to copy them, but it’s good to have a sense of what other organizations in your industry are doing,” she said.
In fact, it doesn’t make sense to have a one-size-fits-all approach to cybersecurity, even for organizations in the same industry, because needs can differ significantly, Shyamsundar said. For example, an organization that houses its data in the cloud will have different needs than an organization with its own on-site servers, she said.