Board of Directors meeting agendas are typically over-crowded, and cybersecurity often falls to the cutting room floor if not kept top of mind with the right influencers [year-round].
The question, is how do you get this topic on the agenda and have it properly interpreted into messaging that resonates with their thinking?
In this video Hadi Hosn, SecureWorks Head of Security Strategy and GRC Consulting in EMEA, gives the #1 tip to getting security on the board agenda and understanding the requirements of their thinking.
The top tip for security agenda to be raised with the board is to really find a sponsor on that board. Who on that board understands security and is technical in nature? Get close to that person. Build a rapport with him or her as a security function. Give them the idea of what security controls the board needs to be aware of. If you have a sponsor and a supporter on that board they can then portray that message onwards to the board level attendees in a way that understands the requirements in their thinking. Things around intellectual property, loss of reputation or damage to reputation, or even loss of operational time responding to an incident. You can address those as a security professional but having a supporter on the board makes your message so much stronger when it comes to board engagement.