Talking cyber to the board: ‘Above all, they don’t want jargon’

Today’s security specialists need to be both cyber experts and cyber translators, according to Joanna Place, deputy governor and chief operating officer of the Bank of England

Although cybersecurity is just one element of an organization’s overall business model, the shift to digital has placed CISOs firmly in the spotlight, as management boards realize the importance of protecting their company’s data, systems, and technical infrastructure.

High-profile breaches and an increasingly sophisticated array of cyber-attacks have caught the attention of boards around the world, but according to Joanna Place, deputy governor and chief operating officer of the Bank of England, being a cyber expert accounts for little if you cannot effectively communicate with those who set your annual budget.

Addressing delegates at this year’s Cyber UK, which opened its doors in Manchester yesterday, Place discussed a subject that is vital to all senior security specialists: How do you talk cyber to the board?

“If all the cyber expertise and knowledge resides with the cyber experts only, your business will be very vulnerable, so you need to be a cyber expert and a cyber translator,” she said.

“Security is no different from other central areas of expertise in terms of talking to the board. They want to know how much you are spending and why, what the risks are, and have we got the right skills. Above all, they don’t want jargon.”

Senior management teams are tasked with providing strategic oversight, governing the organization, approving annual budgets, and accounting to stakeholders – but above all, Place said the management board wants to seek assurance that the division leaders understand their business and lead it in a competent way.

“The board may not be cyber experts. In fact, they are quite likely not to be cyber experts, so think about how to engage with them.

“If they don’t understand what you are saying, they may think you can’t communicate very well, but they may also think that you don’t understand your subject – and that will give them cause for concern.”

She added: “Take the board on your security journey with you. Make sure they understand what you are doing. Give them assurance that you know your subject, that you can articulate it to them, and that you can articulate it to the rest of the business.

“By sharing your knowledge, you are going to reduce the risk that your business faces, and therefore you are going to become a much more effective cyber expert.”