What questions should CIOs anticipate from their board following critical vendor-related incidents that caused major problems?
Vice President - Enterprise Platforms & Cybersecurity in Energy and Utilities, 13 days ago
Our board doesn't have much cybersecurity expertise. They are mostly older individuals who don't fully grasp the intricacies of cybersecurity. We provide them with as much information as possible about the risks and impacts. Although they may not fully understand, they do trust us to handle the situation and continue to allocate the necessary resources. It can be frustrating, but the key is to keep them informed and reassured.
CIO in Healthcare and Biotech, 13 days ago
It’s crucial to understand the level of cybersecurity expertise on your board. Ideally, there should be at least one person who is knowledgeable about cybersecurity. In our case, during the SolarWinds incident, we were one of the 18,000 organizations compromised, but we weren't a high-priority target for exploitation. Explaining this to the board can be tricky, especially if they lack cybersecurity knowledge. We found it effective to first discuss the details with the one board member who best understood cybersecurity. She then helped communicate and validate the information to the rest of the board, which made the overall communication smoother.
In general, for boards that may not fully grasp cybersecurity, Gartner offers excellent resources for explaining cyber risk in the context of overall enterprise risk. These resources include ready-to-use slides that can be customized with organizational specifics. This approach helps in translating technical cyber risks into business terms that the board can understand. Even if some board members are not well-versed in cybersecurity, they can still comprehend the concept of enterprise risk, which aids in better communication.
It’s important to be well-prepared for board meetings, especially during critical incidents. Anticipate their primary concerns, which will likely revolve around prevention and mitigation. Also, leveraging peer networks and resources, like those from Gartner, can provide valuable insights and tools for effective communication. Engaging with knowledgeable board members first can also facilitate smoother discussions with the entire board.