5 SECURITY QUESTIONS YOUR BOARD WILL DEFINITELY ASK
With cyberattacks on organisations a fact of life, Kasey Panetta, on
behalf of Gartner, explains how CISOs can deal with the inevitable
questions asked by board members seeking reassurance that their
company’s risks are being effectively managed.
Know how to respond to
your board’s most likely
security questions.
How secure are we? Why do we need
more money for security, when we just
approved X last year? What do you mean
we’ve had four incidents? I thought you
had everything under control.
Chances are, most security and risk
leaders have heard these questions,
possibly multiple times, from their boards
of directors. But the problem is that these
questions are unanswerable. They are
driven by exaggerated, incomplete or
contradictory public information and are a
distraction from more relevant questions.
Gartner estimates that by 2020, 100%
of large enterprises will be asked to
report to their boards of directors on
cybersecurity and technology risk at
least once a year. Boards today are
more informed about security risk, with
just 15% of directors reporting their
boards have very little to no knowledge
of cyber-risk, down from 22% in 2015.
Further, boards are using the increased
focus on cybersecurity to guide
business decisions. In 2019, a Gartner
survey of security and risk leaders found
that four of every five respondents noted
that risk influences decisions made at
the board level.

Are we 100% secure? Are you sure?

Additionally, security leaders need to be
able to give the board something that
they care about and that is meaningful
to them. Beyond individual passions and
concerns, boards collectively generally
care about three things:
Revenue/mission: Operating or
non-operating income and enhancing
non-revenue mission objectives
Cost: Future cost avoidance
and immediate decrease in
operating expenses
Risk: Financial, market, regulatory
compliance and security, innovation,
brand, and reputation
“As board members realise how critical
security and risk management is, they
are asking leaders more complex and
nuanced questions,” says Sam Olyaei,
Director Analyst, Gartner. “Boards today
Issue 18 | www.intelligentciso.com