As the Chief Information Security Officer (CISO) of an organisation, communicating effectively with your board is critical to success. You probably already know that talking to the board isn't just about throwing a bunch of tech jargon at them and hoping for the best. It is about communicating business risk in a way that resonates and ensures everyone is on the same page before the board briefing. Having worked alongside many boards and CISOs for a number of years, we have gained firsthand experience of how best to influence and build credibility with board teams. Here are some of our tips on talking to the Board about cyber.
Tip 1: Pre-brief and influence early
Before you even step into that boardroom, it is crucial to do some pre-briefing. You do not want any surprises during the actual meeting. This means having one-on-one conversations with key board members ahead of time. Get a sense of their concerns, their level of understanding, and what they expect from you. This pre-briefing allows you to tailor your presentation to address their specific worries and ensures that you are all on the same page. During these pre-meetings, take the opportunity to influence their perspective. Help them understand that cyber is not just an IT issue – it is a business issue. Share some real-world examples of companies that have suffered due to poor cyber practices and draw parallels to your own organisation. The goal is to make them see the bigger picture and understand that investing in cyber is investing in the company's future.
Tip 2: Show your leadership and strategic thinking
The board meeting is an opportunity for you to demonstrate your leadership and strategic thinking. Show that you are not just reacting to threats but proactively managing risks. Discuss your long-term strategy and how it aligns with the company's overall goals. This approach not only builds confidence in your capabilities but also reinforces the importance of cyber in the broader business context.
Tip 3: Keep the conversation high level and focused on business objectives
When it comes to cyber, it is easy to get lost in the weeds of technical details. But remember, board members typically are not interested in the nitty-gritty of how a firewall works or the specifics of encryption protocols. What they care about is business objectives, so make sure your security initiatives and reporting are aligned to the objectives of the business. This might sound like common sense, but it is surprising how often it is overlooked. Let us say the company is planning to expand into new markets. You could present how cyber measures will ensure the protection of customer data in these new regions, which is vital for maintaining trust and complying with local regulations. By linking security efforts to business objectives, you are not just showing that you understand the technical side but also demonstrating a strategic vision that supports the company’s broader mission.
Tip 4: Tell a story
Humans are hard-wired to respond to stories, and the board is no exception. Instead of bombarding them with statistics, weave a narrative around your data. For example, you could tell the story of a recent security incident, detailing how the team detected the threat, what steps were taken to mitigate it, and the lessons learned to prevent future occurrences. This approach not only makes your points more relatable but also highlights the practical value of your team’s work.
Tip 5: A picture paints a thousand words
Visualisation can be a powerful tool here. Use charts, graphs, and infographics to illustrate your points. Show trends over time, compare your company's cyber posture to industry benchmarks, and highlight areas of improvement. Visual aids can make complex information more digestible and keep the board engaged.
Tip 6: Be clear on what you want from the Board
Be clear about what you need from the board – whether it is budget approval, policy changes, or support for specific initiatives. This clarity helps them make informed decisions and shows that you have a well-thought-out plan.
Tip 7: Follow up
After the meeting, follow up with a summary of what was discussed, the decisions made, and the next steps. This reinforces the key points and keeps everyone accountable. Plus, it shows that you are organised and committed to transparency.
One last thing: building relationships with board members outside of formal meetings can be incredibly beneficial. Engage with them in informal settings, share relevant articles or reports, and keep the lines of communication open. The more they understand and trust you, the more effective you will be in your role.
We hope these tips help you navigate your next board meeting with confidence and clarity. Remember, you are not just a tech expert – you are a business leader.
If you’d like to learn more about how we can support you in this area, please get in touch.