CISO MAG Editorial
The volume of security attacks and threats to organizations has reached alarming proportions, so much so that “cybersecurity” and “cyber risk” have become frequently used words among Boards of Directors.
The Board understands risk, numbers, charts, reports, and strategy. But when news of organizations getting hacked, and the unfortunate consequences, trickles into the boardroom, it triggers waves of panic. The typical questions that arise are, “What if we were hit by that malware or ransomware next? How badly would that impact our business?”
Board members are likely to be aware of terms like “malware,” “ransomware” and acronyms like DDoS and APT that the tech industry notoriously creates every year (heard any new ones lately?). They might need a simple explanation of, say, how ransomware spreads and what it does. They’re not asking for a crash course in cybersecurity, mind you. But someone who has a deep understanding of cybersecurity and knowledge of business operations has got to answer those nagging questions. That calls for a clear communication strategy. That person must talk cybersecurity using a business…