What to Tell the Board About Security

By Tony Kontzer
  • Previous
    What to Tell—and Not Tell—the Board About Security

    What to Tell—and Not Tell—the Board About Security

    What are security leaders telling their company's board? Many are having a hard time figuring out how to effectively report their cyber-risk status to the board.

It takes only a quick review of recent years' headlines to understand why information security leaders have assumed a higher profile in the upper echelons of the corporate hierarchy. The Targets, Ebays and JPMorgan Chases of the world can vouch for the fact that strong security is a pillar of doing business today. And security and risk executives have not only become integral parts of the C-suite, they've also earned the ear of their board of directors. In fact, a 2015 study from Georgia Tech Information Security Center found that 63 percent of executives and directors said cyber-security is a top boardroom issue, up from 33 percent just three years earlier. So what are security leaders telling their boards? According to a recent infographic from security analytics firm Bay Dynamics, much of what they relay is not all that helpful. "A disconnect in communication plagues many organizations, leaving CISOs [chief information security officers] and CIROs [chief information risk officers] struggling to figure out how to effectively report their cyber-risk status to the board," Ryan Stolte, co-founder and CTO at Bay Dynamics, wrote in a blog post about the infographic and a related report, "The CISO's Ultimate Guide to Reporting to the Board." "If C-level executives and board members cannot understand their level of cyber-risk--and put it into context based on the value of their assets and how their most valuable assets are being protected--they cannot make informed decisions to decrease their level of risk."

This article was originally published on 2016-03-15
Tony has been writing about the intersection of technology and business for more than 20 years and currently freelances from the Grass Valley, Calif., home where he and his wife are raising their two boys. A 1988 graduate of the University of Missouri-Columbia School of Journalism and regular contributor to Baseline since 2007, Tony's somewhat infrequent Twitter posts can be found at http://twitter.com/tkontzer.
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.