How to discuss cybersecurity threats and strategy with your board



It’s safe to say that tech-driven business models and operational systems are the new standard. This means the protection of digital assets is something no organization can afford to ignore. But does your board realize the extent of the threats being faced?

While it might be clear to cybersecurity teams, sometimes the executive board needs a little extra help to understand how serious and far-reaching these threats are. Getting top-level sign off on your cybersecurity strategy and policies is crucial, and the onus is on cybersecurity teams to drive this forward.

Here, we talk through our top tips to improve communication with the board to ensure cybersecurity is prioritized in your organization.

Lose the technical jargon

While SIEMs, APT Prevention and Next-Gen Firewalls are your everyday reality, don’t assume the board understands technical terminology. Getting your voice heard during meetings depends on clear explanations, so replace the jargon and acronyms with a universal language.

If you can’t lose the technical detail, try to get creative with how you communicate your points. Analogies like leaving the doors to the house unlocked create relatable connections, and high-quality graphics make complex data digestible.

Use real-world examples

Unless your board truly understands the implications of a cybersecurity breach, the threats you present will seem abstract. Real-world examples will contextualize these threats and their potential impact; there are plenty of publicly available research papers and case studies to give weight and merit to your arguments.

Just remember to draw these scenarios back to your organization, highlighting the immediate and long-term effects of a breach. You want the meeting to close with the clear consensus that cybersecurity is not an optional extra.

Maintain an open dialogue

When cybersecurity is working well, it creates the misconception that nothing more is needed. But, as every cybersecurity expert knows, it’s a constant game of cat and mouse to keep ahead of the latest threats.

Keep cybersecurity as a standing agenda item to ensure it doesn’t slip down the list of priorities. Over time, this fosters positive relations as the board develops a better understanding of the valuable role your team plays within the organization.

It’s also advisable to set up a reporting system to feed back hard metrics to the board at regular intervals to show the results your strategy delivers.

And remember, communication is a two-way street. Other agenda items are often highly relevant to your operations, such as new third-party software purchases or policies containing digital practice.

How SIRP can help you

No organization can afford to waste resources, and even the most generous budget needs to demonstrate continued ROI. Our powerful automation and orchestration functions reduce the number of manual tasks security teams need to take care of, delivering better value for money with your resources.

Our Risk Management module contextualizes the threats your organization faces with a clear ranking system. Ready-made graphs and metrics will enrich your presentations to drive your point home during meetings.

Book your demo today to see how SIRP can help to prioritize cybersecurity in your organization.