This week in Business Reporter, Amanda Kamin, CMCO from DSbD partner, Digital Catapult explores the challenges of negotiating for cyber security at Board level. We may need to change the conversation, the language and the approach for the benefits to be clear, she explains.
Here’s a preview:
Digital security teams and management often fail at communicating at board level; struggling to convert technical conversation into one the business understands.
The security message gets lost in translation. This might stem from lack of awareness or credibility on either side; many in business have never been effectively shown the value of good security as part of the business model. Key performance indicators (KPIs) are the kind of quantifiable value indicators that businesses understand. This is the language of business.
So, what are the core KPIs that will provide an effective appraisal of security measures for business leaders? These can be summed up as the three R’s: reputation, risk, and reward.
It’s easy to talk about the impact of a security incident, be that a data breach, ransomware, or some other denial of service attack, being limited to the direct financial losses. But there’s a bigger conversation to be had than regulatory penalties, downtime revenue losses, or even the rights and wrongs of ransom payments. That conversation revolves around reputation.
As a KPI, preventing long-lasting reputational damage is hard to ignore. Damage control in the immediate aftermath of an incident can be attributed a budgeted cost for patching the vulnerabilities, getting things running securely again and investigations to prevent reoccurrences.
Read the full article here.