Tuesday 12 December 2017

The BOHH Breakdown, Part 15: How to Get Your Board Involved in Your Cybersecurity Strategy


In our last post, we shared tips for individuals to stay safe as they begin their Christmas holiday shopping this season. Today, we will address an increasingly important topic – how to address cybersecurity with your board of directors. 

One thing is becoming increasingly clear in today’s climate of nonstop breaches: security matters and data is becoming an asset. It’s time organizations treated cybersecurity as a core business value. Business leaders, starting from the Board of Directors and moving through the C-suite, must insist on their organizations adopting the most effective security measures in their IT platforms, workflows and processes today.

However, many board members feel they lack the technical knowledge to know what their role as directors should be when it comes to cybersecurity. Below are some tips to get the conversation started.

  1. Speak in language your board understands. Many board members may not know the technical terms when speaking about technology and security.  Try to break it down in terms that are simple and easy for a non-technical professional to understand.
  2. Talk about security investments and cybersecurity risks in terms of how they impact the organization’s business and financial bottom line.
  3. Communicate everything in numbers. The board provides oversight of the company, so money matters. If you can express security investments, potential breach loss, etc. in dollars, it will do more to show how cybersecurity can impact the organization overall.
  4. Tie cybersecurity measures to the competitive marketplace. Highlight what the company’s competitors are doing, so the board can understand how the company needs to keep pace with the market. 
  5. Share examples of how cybersecurity breach incidents have impacted other organizations in a similar market (Equifax, Uber etc.) – did they lose customers, pay a breach settlement fine, pay a ransom fee?
  6. Present the facts of the company. To start a conversation on why having proper security strategies in place is important, gather a list of the organization’s valuable data assets that require protection, so you can customize the conversation to your company’s specific needs.
  7. Share a game plan on where and how you think the board should be involved in the company’s cybersecurity strategy. Having this prepared ahead of time will help show the board where they fit into the plan.
  8. Bring in a security expert to talk to your board about the importance of having proper cybersecurity measures in place. Having a trusted source always goes a long way in the decision-making process, and it highlights the consequences of a breach, such as fines and potential senior job losses.
  9. Educate them on all of the laws and industry compliance rules in place. This will help them understand why a certain amount of the business strategy needs to be dedicated to security investments. Highlight that the General Data Protection Regulation (GDPR) is effective starting in May 2018, so there must be a strategy to meet this deadline.
  10. Be concise and clear. Do not waste their time. Prepare ahead of time the main points you want to hit to educate them on the necessary security investments.

Leaders who make security a business priority and an integral part of their organization’s daily operations can help steer their organization to better long-term performance and success.

Hopefully these tips will be a useful tool to get the conversation started. Come back next Tuesday when we take a look back at all of the developments and accomplishments made by BOHH this year.
