EDITOR'S QUESTION
Riaz Lakhani, Chief Information Security Officer at Barracuda Networks, says:
“Security breaches have business implications that reach far beyond IT disruption. For senior cybersecurity professionals this means that in addition to keeping the organisation secure and cyber-resilient, they need to know how to effectively communicate cyber-risk to very different and often non-technical stakeholders.
“This can be a challenge. An international study found that just over a third (35%) of the small business IT security professionals surveyed think senior managers don’t see cyberattacks as a significant risk.
“This isn’t a question of management failure. It is hard to be interested in or care about something you don’t fully understand.
“The responsibility for addressing this gap rests with security leaders. They need to become storytellers and relationship builders.
“In my experience, there are three key conversations security leaders should be having on a regular basis to effectively communicate cybersecurity risk and build strategies.
“At a foundation level, they need to engage regularly with technical colleagues such as engineers, developers and security researchers. Building strong relationships with these individuals and understanding security from their perspective is crucial, as these are the people security leaders rely on in a crisis.
“Second, CISOs should hold regular meetings with senior managers, including the Chief Executive or their equivalent and critical risk departments like finance and legal. These conversations should focus not just on evolving threats and security tools, but on what an incident might mean for products or business roadmaps, risk, compliance and customers.
“Finally, security leaders need to effectively communicate risk to people who advise the business, such as the board of directors. Board members and non-executive directors bring a wide range of experience and backgrounds to the table. The golden rule here is to address everyone’s needs and concerns and keep things high-level and simple.
“An engaged leadership is one of your most powerful assets for ensuring policies, programmes and investments succeed. The discussions you have and the relationships you build will ensure they understand where the risks are, how to address them and how to keep the company resilient.”
We speak to experts from WatchGuard Technologies and SailPoint about their views on the conversations CISOs should be having to encourage cybersecurity awareness and maintain secure operations.
WHAT KEY DISCUSSIONS SHOULD CISOS ENGAGE IN TO MITIGATE AND MANAGE THE CYBER-RISKS THEIR ORGANISATIONS FACE?
www.intelligenthealth.tech