Communicating Cyberrisk to Organizational Leadership

Communicating Cyberrisk to Organizational Leadership
Author: ISACA
Date Published: 18 January 2021

Cybersecurity professionals are often tasked with presenting technical risk assessments and the subsequent implications to their organization’s board of directors (BoD). To do so effectively, one must adopt the language that the board members use, which will resonate with the degree of organizational governance that the board provides.

Cyberprofessionals perform their job functions using a heavily technical mindset. BoDs are charged with leading an organization’s strategic and economic affairs, which may include cybersecurity as a subset. This makes it critically important for cyberprofessionals to position security issues within the context of larger business objectives. Cybersecurity initiatives that align with strategic direction create organizationwide support that contributes positively to the overall financial and reputational status of the enterprise. For an organization to achieve this, its IT professionals must foster strong communication with its BoD.

To help improve dialog between technically minded cyberprofessionals and their organizations’ BoDs executing high-level, organizational strategy, ISACA® has released the white paper Reporting Cyberrisk to the Board of Directors. This white paper is designed to aid IT practitioners in communicating with BoDs and similarly strategically minded, nontechnical stakeholders.

The white paper addresses the following critical issues:

  • Cyberrisk as strategic risk
  • Oversight programs
  • Legal and regulatory concerns
  • The role of threat intelligence
  • Reporting and education for boards

Learn more about how cybersecurity professionals can effectively address BoDs by reading the Reporting Cyberrisk to the Board of Directors white paper, available for download on the ISACA website.