Cybersecurity CEO: My 3 Tips For Presenting In The Boardroom
How to effectively engage C-suite executives where it matters the most
Los Angeles, Calif. – Jun. 19, 2019
We all recognize that a cyber breach can significantly impact an organization’s reputation and valuation. If you’re heading into the boardroom to deliver a presentation on cybersecurity to C-suite executives, then you’d better be ready to speak their language.
To start, throw the tech talk out the window on your way to the boardroom. Technical IOCs (indicators of compromise) are out, and reputational harm that will lead to revenue decline is in.
Now that you’re in the door – here are my 3 tips for presenting cybersecurity to the C-suite:
1. Focus on Pain Points. The “pain” part of your presentation should come early on – grab their attention and get them talking. You’re there to help them and you need to understand the business objectives. Why did they invite you in to present? What is their biggest concern? What do they hope to learn from your presentation today? It’s about your organization’s pain, and potential gain. The bottom line is – if you don’t know your C-suite’s pain points, you’re not ready to present!
2. Use Key Performance Indicators. As security becomes more digestible at quarterly board meetings, it’s crucial that CISOs have the proper metrics to measure progress and identify what risks remain to the organization. Define key performance indicators (KPIs) with your board ahead of time – such as average time to detect and contain, control efficacy, etc. – so that status updates and progress measurements are concise, clear and digestible. Don’t know where to start? Use these 5 KPIs suggested by my team at Herjavec Group in our Cybersecurity Conversations for the C-suite Report.
3. Prove it with statistics. If you’ve got something important to say, then you’d better be prepared to back it up with credible facts, figures, statistics, and predictions from an expert source. Don’t tell the board that cybercrime is a big problem. Tell them that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined. That being said – don’t just try to scare them. Remember – boards want data – but only to make informed business decisions about investments and risk. Keep the data relevant to your industry, your technology stack, and your current spends. Consider how your organization is keeping pace with specific trends, risks and areas of investment in relation to the market. Specifically address:
- how your cybersecurity program’s maturity is measured
- how you have closed any vulnerable gaps since your last reporting cycle
- where you are on your security roadmap (why is that good/bad, etc.) and finally…
- whether there are compliance measures the board needs to know about
Look, I get it – these executive presentations can be challenging. Keep in mind, each player around the table may have slightly different priorities.
For example, the CEO is concerned with the reputation of the company in the event of a breach. How could credibility, customer retention and overall stock price be impacted? The CFO, on the other hand, is concerned with funding security initiatives, understanding how you measure value of existing investments, and what risks remain.
I encourage you to hold your service providers accountable. If you have to report on certain statistics and KPIs, they should be helping you craft the value-add story.
While the only thing constant in our industry is change, by following these 3 tips, showcasing digestible metrics and leveraging a strong security roadmap, you will be well on your way to inspiring the confidence of your executive team or board.
To Your Success,
– Robert Herjavec, founder and CEO at Herjavec Group, and a Shark on ABC’s Shark Tank, provides insights to C-Suite Executives in his Official Blog at Cybercrime Magazine. Herjavec Group is a Managed Security Services Provider with offices and SOCs (Security Operations Centers) globally.