It’s important to remember that Boards ultimately want you to be successful in defending the organisation against cybersecurity threats.
When the Board is behind your efforts, cybersecurity can be recognised as a positive thing that helps your organisation’s digital activity to flourish, and not just seen as a necessary evil or cost-centre.
The NCSC guidance stresses that most Board members do not have in-depth cyber security knowledge. That’s not their role. Cybersecurity leaders, on the other hand, do have detailed knowledge of the domain, but maybe less experience in communicating with Board or senior executive teams. As a cyber-professional, the NCSC state that it is part of your job to bridge this gap to provide better cybersecurity outcomes.
Cybersecurity is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber-risk is understood, managed and mitigated.
This guidance describes how to communicate and engage more effectively with board members, to improve cybersecurity decision making within your organisation.
It will also help you to communicate with senior executives, who make recommendations to the…