It may have taken some time but CISOs now firmly have a place at the boardroom table. But Thom Langford, CTO EMEA at Rapid7, questions whether the CISO’ s message is getting across to the rest of the board. He explores how CISOs can translate cyber-risk into business value. two: articulation. It’ s no longer about fighting for airtime; it’ s about refining the message.

The rise of the securityaware board

Cybersecurity has become an important part of the business agenda for most companies, and security heads are busy polishing up their slide decks stuffed with metrics to share in the boardroom. But many of those security leaders are realising a hard truth: simply being in the room isn’ t the same as being understood.

Getting a seat at the table was only the start. Phase one was access, and now it’ s time for phase

The last few years have seen a substantial shift in the way cyber is handled by senior business leaders. Research has found that 91 % of CISOs are now present to the full board or committee for their company to one degree or another. By now, most boards already know cybersecurity matters; what they want to know now is how it protects their bottom line.

Added to that, Gartner found that around half of boards now have someone with genuine cybersecurity expertise or experience. That certainly leaves room for improvement, but it’ s a huge leap from a decade ago, when you’ d be lucky to find one or two in the whole FTSE 100. That’ s progress.

24 www. intelligentcxo. com