Cybersecurity & Data Privacy Communications

CISO: Communications Redefined – Navigating the Journey from Control Room to Board Room

As companies face increasing stakeholder scrutiny of their oversight and management of cyber risk, the Chief Information Security Officer (CISO) is swiftly cementing its role as a key leader within the organization. 

Against this backdrop, FTI Consulting conducted a survey of over 100 CISOs at large companies with global operations, representing a sum aggregate revenue of $4.4 trillion and more than 528,000 employees in the U.S. to understand both the opportunities and challenges facing CISOs as they navigate this transition and heightened exposure.

  • 81% claim their communication with the Board of Directors (the “Board”) and senior leadership about cybersecurity has increased
  • A majority (58%) of respondents claim that they struggle to communicate technical language to senior leadership in a way that they can understand, and 82% of respondents claim that when they are in front of the Board they feel pressure to make things sound better than they really are
  • Over half of CISOs do not believe that their Board and senior leadership are completely prepared for cyber risks and 63% feel that their concerns are not aligned with senior leadership priorities

Ultimately, the findings reveal the importance of CISOs having regular engagement with Boards and senior leadership on cybersecurity. However, to maximize that engagement they need to be armed with the skills to communicate and translate cyber risks into core business risks.

 

Internal & External Scrutiny has Increased

  • 85% of CISOs claim the prominence of information security and cybersecurity has increased on the Board’s agenda in the last 12 months
  • 79% feel scrutiny from senior leadership over cybersecurity preparedness has increased
  • 73% believe external media attention and subsequent pressure on organizational cybersecurity preparedness has increased

Explore further here.

 

CISOs Struggle to Communicate to Leadership

  • 82% claim they have to make things sound better than they are to the Board
  • 66% feel senior leadership struggles to understand their role
  • 58% struggle to communicate technical language in a way senior leadership can understand

Explore further here.

 

Communication Is Critical, with Incidents on the Rise

  • 88% of CISOs have experienced a cyber attack or incident in the last 12 months
  • Nearly half (46%) claim these incidents were not mitigated quickly
  • 52% claim managing communications with internal and external stakeholders is the biggest challenge when responding to an incident

Explore further here.

 

Disconnect with Senior Leadership on Cyber Risk Priorities & Preparedness

  • 63% claim their cyber concerns are not fully aligned with senior leadership
  • 52% feel their Board and senior leadership are not completely prepared for the cyber risks they foresee
  • 40% believe their organization is not fully prepared for proposed SEC rules on stricter cybersecurity governance

Explore further here.

 

Steps to improve disconnect between CISOs and leadership teams

Increased threat activity and a growing focus on companies’ governance and oversight of cybersecurity means that, more than ever, CISOs are having to present to Boardrooms and executive leadership on cybersecurity preparedness. Our survey revealed that 97% have been asked to present in the next 12 months.

When it comes to being set up for success, 88% of CISOs recognize the importance of greater access to their Board to ensure effective management of cyber risk and possibly support their professional development. Similarly, 91% of CISOs feel that reporting to the CEO would help them achieve greater success in their role.

However, despite a desire to move up the corporate ranks, many CISOs feel they need practical support in translating technical matters into terms that will resonate with business leaders.

Ultimately, the CISO role is evolving, with many CISOs needing help navigating this transition. As the CISO gets closer to the Board they will need to speak the language of the Boardroom and arm leaders with the necessary information to make appropriate risk decisions. 91% state that communications training and coaching on presenting to boards is key to helping them make transition.

 

  • View our research methodology here.
  • Meet the team behind the research here.

Next Step: Secure Your Seat!

To help CISOs prepare for board-level communication, we are launching a training program called, Secure Your Seat. Please contact us for more information.

Button graphic with words contact us

 

The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.

©2022 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com

Related Articles

Predictions for Cybersecurity in 2024: Communications and Reputational Perspectives

March 7, 2024—What will the cybersecurity space look like in 2024? And what do companies need to do to ensure they are prepared from a...

Cybersecurity in Latin America: Cyber Threats Evolve in a Landscape of Incipient Resilience

January 25, 2024—Organizations in Latin America should not wait for regulators to impose cybersecurity readiness requirements, as prepara...

A Year of Elections in Latin America: Navigating Political Cycles, Seizing Long-term Opportunity

January 23, 2024—Around 4.2 billion people will go to the polls in 2024, in what many are calling the biggest electoral year in history.[...

FTI Consulting UK Public Affairs Snapshot: Vaughan Gething: A new First Minister for Wales

March 18, 2024—On Saturday, the Welsh Labour Party announced the election of Vaughan Gething as its new leader, following the resignati...

FTI Consulting Ireland Public Affairs Snapshot: One Year Out from an Irish Election

March 18, 2024—Like many other countries, Ireland will go to the polls in 2024. The Irish electorate will vote in local & European ...

Investor Relations Advisory Solutions

March 18, 2024—Our Investor Relations Advisory team helps companies understand the dimensions of their current valuation drivers and fo...