CISO: Communications Redefined

CISO: Communications Redefined – Navigating the Journey from Control Room to Board Room

As companies face increasing stakeholder scrutiny of their oversight and management of cyber risk, the Chief Information Security Officer (CISO) is swiftly cementing its role as a key leader within the organization. 

Against this backdrop, FTI Consulting conducted a survey of over 100 CISOs at large companies with global operations, representing a sum aggregate revenue of $4.4 trillion and more than 528,000 employees in the U.S. to understand both the opportunities and challenges facing CISOs as they navigate this transition and heightened exposure.

  • 81% claim their communication with the Board of Directors (the “Board”) and senior leadership about cybersecurity has increased
  • A majority (58%) of respondents claim that they struggle to communicate technical language to senior leadership in a way that they can understand, and 82% of respondents claim that when they are in front of the Board they feel pressure to make things sound better than they really are
  • Over half of CISOs do not believe that their Board and senior leadership are completely prepared for cyber risks and 63% feel that their concerns are not aligned with senior leadership priorities

Ultimately, the findings reveal the importance of CISOs having regular engagement with Boards and senior leadership on cybersecurity. However, to maximize that engagement they need to be armed with the skills to communicate and translate cyber risks into core business risks.


Internal & External Scrutiny has Increased

  • 85% of CISOs claim the prominence of information security and cybersecurity has increased on the Board’s agenda in the last 12 months
  • 79% feel scrutiny from senior leadership over cybersecurity preparedness has increased
  • 73% believe external media attention and subsequent pressure on organizational cybersecurity preparedness has increased

Explore further here.


CISOs Struggle to Communicate to Leadership

  • 82% claim they have to make things sound better than they are to the Board
  • 66% feel senior leadership struggles to understand their role
  • 58% struggle to communicate technical language in a way senior leadership can understand

Explore further here.


Communication Is Critical, with Incidents on the Rise

  • 88% of CISOs have experienced a cyber attack or incident in the last 12 months
  • Nearly half (46%) claim these incidents were not mitigated quickly
  • 52% claim managing communications with internal and external stakeholders is the biggest challenge when responding to an incident

Explore further here.


Disconnect with Senior Leadership on Cyber Risk Priorities & Preparedness

  • 63% claim their cyber concerns are not fully aligned with senior leadership
  • 52% feel their Board and senior leadership are not completely prepared for the cyber risks they foresee
  • 40% believe their organization is not fully prepared for proposed SEC rules on stricter cybersecurity governance

Explore further here.


Steps to improve disconnect between CISOs and leadership teams

Increased threat activity and a growing focus on companies’ governance and oversight of cybersecurity means that, more than ever, CISOs are having to present to Boardrooms and executive leadership on cybersecurity preparedness. Our survey revealed that 97% have been asked to present in the next 12 months.

When it comes to being set up for success, 88% of CISOs recognize the importance of greater access to their Board to ensure effective management of cyber risk and possibly support their professional development. Similarly, 91% of CISOs feel that reporting to the CEO would help them achieve greater success in their role.

However, despite a desire to move up the corporate ranks, many CISOs feel they need practical support in translating technical matters into terms that will resonate with business leaders.

Ultimately, the CISO role is evolving, with many CISOs needing help navigating this transition. As the CISO gets closer to the Board they will need to speak the language of the Boardroom and arm leaders with the necessary information to make appropriate risk decisions. 91% state that communications training and coaching on presenting to boards is key to helping them make transition.


  • View our research methodology here.
  • Meet the team behind the research here.

Next Step: Secure Your Seat!

To help CISOs prepare for board-level communication, we are launching a training program called, Secure Your Seat. Please contact us for more information.

Button graphic with words contact us


The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.

©2022 FTI Consulting, Inc. All rights reserved.

Related Articles

A Year of Elections in Latin America: Navigating Political Cycles, Seizing Long-term Opportunity

January 23, 2024—Around 4.2 billion people will go to the polls in 2024, in what many are calling the biggest electoral year in history.[...

Navigating the Summer Swing: Capitalizing on the August Congressional Recess

July 15, 2024—Since the 1990s, federal lawmakers have leveraged nearly every August to head back to their districts and reconnect with...

Protected: Walking the Tightrope: Navigating Societal Issues on Social Media 

July 13, 2024—There is no excerpt because this is a protected post.

Retail Shareholders: The New Frontier of Shareholder Engagement

July 12, 2024—Retail investors now account for 25% of daily fund flows,[1] making them a significant variable in the value equation fo...