In a contributed piece to the Wall Street Journal, Deloitte offers the following four tips to help engage executives in cyber risk discussions.
1. Highlight top risks and show results to senior business leaders. With the help of threat intelligence experts, identify top cyber risk areas and highlight these points for executive leadership. Visualizing the threats can help boost executives’ education about cyber risks as well as ignite discussion about a cyber risk program.
2. Establish risk and performance indicators. Security leaders should identify the most serious cybersecurity risks, communicate the company’s level of exposure to those risks and share the cybersecurity methods employed to manage those risks. Tying cybersecurity to business risks, using standards and language that executives and business leaders understand, can help ensure all involved are on the same page, according to the report.
3. Practice responses with a simulated incident. A key way to test an organization’s preparedness to respond to a cyber incident is to hold a simulation. Doing so can help demonstrate that cyberattacks are not just an issue in the IT department; rather, they affect the entire organization. Additionally, simulations can identify gaps in cybersecurity processes and can help participants understand any challenges in responding to an incident.
4. Conduct due diligence on new technologies. Simply implementing a new security technology isn’t a fix-all solution for cybersecurity. Deloitte suggests organizations thoroughly scrutinize new technologies and the additional risks they may present.