CISO: Communications Redefined – Navigating the Journey from Control Room to Board Room
As companies face increasing stakeholder scrutiny of their oversight and management of cyber risk, the Chief Information Security Officer (CISO) is swiftly cementing its role as a key leader within the organization.
Against this backdrop, FTI Consulting conducted a survey of over 100 CISOs at large companies with global operations, representing aggregate revenue of $4.4 trillion and more than 528,000 employees in the U.S., to understand both the opportunities and challenges facing CISOs as they navigate this transition and heightened exposure.
- 81% claim their communication with the Board of Directors (the “Board”) and senior leadership about cybersecurity has increased
- A majority (58%) of respondents claim that they struggle to communicate technical language to senior leadership in a way that they can understand, and 82% of respondents claim that when they are in front of the Board they feel pressure to make things sound better than they really are
- Over half of CISOs do not believe that their Board and senior leadership are completely prepared for cyber risks and 63% feel that their concerns are not aligned with senior leadership priorities
Ultimately, the findings reveal the importance of CISOs having regular engagement with Boards and senior leadership on cybersecurity. However, to maximize that engagement they need to be armed with the skills to communicate and translate cyber risks into core business risks.
Internal & External Scrutiny has Increased
- 85% of CISOs claim the prominence of information security and cybersecurity has increased on the Board’s agenda in the last 12 months
- 79% feel scrutiny from senior leadership over cybersecurity preparedness has increased
- 73% believe external media attention and subsequent pressure on organizational cybersecurity preparedness has increased
CISOs Struggle to Communicate to Leadership
- 82% claim they have to make things sound better than they are to the Board
- 66% feel senior leadership struggles to understand their role
- 58% struggle to communicate technical language in a way senior leadership can understand
Communication Is Critical, with Incidents on the Rise
- 88% of CISOs have experienced a cyber attack or incident in the last 12 months
- Nearly half (46%) claim these incidents were not mitigated quickly
- 52% claim managing communications with internal and external stakeholders is the biggest challenge when responding to an incident
Disconnect with Senior Leadership on Cyber Risk Priorities & Preparedness
- 63% claim their cyber concerns are not fully aligned with senior leadership
- 52% feel their Board and senior leadership are not completely prepared for the cyber risks they foresee
- 40% believe their organization is not fully prepared for proposed SEC rules on stricter cybersecurity governance
Steps to improve disconnect between CISOs and leadership teams
Increased threat activity and a growing focus on companies’ governance and oversight of cybersecurity mean that, more than ever, CISOs are having to present to Boardrooms and executive leadership on cybersecurity preparedness. Our survey revealed that 97% have been asked to present in the next 12 months.
When it comes to being set up for success, 88% of CISOs recognize the importance of greater access to their Board to ensure effective management of cyber risk and possibly support their professional development. Similarly, 91% of CISOs feel that reporting to the CEO would help them achieve greater success in their role.
However, despite a desire to move up the corporate ranks, many CISOs feel they need practical support in translating technical matters into terms that will resonate with business leaders.
Ultimately, the CISO role is evolving, with many CISOs needing help navigating this transition. As the CISO gets closer to the Board, they will need to speak the language of the Boardroom and arm leaders with the necessary information to make appropriate risk decisions. 91% state that communications training and coaching on presenting to boards is key to helping them make the transition.
Next Step: Secure Your Seat!
To help CISOs prepare for board-level communication, we are launching a training program called Secure Your Seat. Please contact us for more information.
The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.
©2022 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com