Cybersecurity Budget: CISO Advice for Getting Your Board of Directors to Take Notice


Introduction

There are many CISOs and CSOs out there hiding their proverbial sweaty palms.

They’re stressed out, worried that it is just a matter of time before their network gets caught up in some embarrassing data debacle – perhaps it will be ransomware, or a targeted attack, or an insider leak.

And they know they will then truly be in the hot seat.

Thing is, for many, it is a 'fingers-crossed game' because few responsible for cybersecurity are granted the right people, budget, and processes.

Worse, many aren’t even allocated the resources or funds to test and assess their systems' resiliency, meaning they have no idea what state their systems are really in.

Think about this, though. Don’t most organizational leaders try to maintain a healthy approach to risk, resilience, and optimism in their day-to-day jobs? Could this be why so many blanch when disaster recovery, data protection, and cybersecurity policies are discussed?

Information security is, after all, about being prepared for bad scenarios.

So we need to figure out how to make information security much more engaging in the boardroom.

How to Secure Your Stakeholder Audience

Serious security incidents can deliver a nasty knuckle-sandwich to the shareholder, and it hits where it hurts them the most: the wallet.

CISOs and CSOs need to take advantage of this very real pain point to secure appropriate budget and resources.

Here are some recommended guidelines on how to improve the CISO / CSO relationship with stakeholders and the organizational board.

  1. Provide cyber training designed specifically for upper management. Do not assume they have strong cybersecurity skills. If the UK government password-sharing fiasco is anything to go by, senior staffers don’t always know their role in securing the network. Training is a great way to familiarize the team with security terminology and recommended policies.
  2. Feature cybersecurity on the meeting agenda often. Ensure information security is regularly featured in the board and senior management quarterly review meetings. The only way cybersecurity will become a real top priority is for you to make it one.
  3. Don’t try to wow stakeholders with your technical prowess. Keep their attention on the high-level issues so you can secure your budget requirements and your teams can implement the improvements. Only deep-dive into the tech weeds upon request, but when you do, make sure you know your stuff – or know how to get the answer quickly.
  4. Don’t hide security incidents from stakeholders. Your job is to keep them informed of the actual state of information security, not a fictitious one. Without the facts, much more liability may fall onto your shoulders.
  5. Update the board on latest risk levels based on trusted assessments. They need to know how exposed the organization is to IT threats, and the recommended mitigations to bring that exposure level down a peg or two.
  6. Bring in third-party experts as appropriate. If you are lacking cybersecurity expertise in-house, then bring in a trusted third party to perform assessments and provide recommendations.

Acknowledgments

We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.

Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.

Kevin can be reached at [email protected] or +1 843 890 8596.

This publication is for educational and general information purposes only. It may contain errors and is provided as is. It is not intended as specific advice, legal, or otherwise. Opinions and views are not necessarily those of J.S. Held or its affiliates and it should not be presumed that J.S. Held subscribes to any particular method, interpretation, or analysis merely because it appears in this publication. We disclaim any representation and/or warranty regarding the accuracy, timeliness, quality, or applicability of any of the contents. You should not act, or fail to act, in reliance on this publication and we disclaim all liability in respect to such actions or failure to act. We assume no responsibility for information contained in this publication and disclaim all liability and damages in respect to such information. This publication is not a substitute for competent legal advice. The content herein may be updated or otherwise modified without notice.
