Cybersecurity CEO: My 3 Tips For Presenting In The Boardroom

June 19, 2019

How to effectively engage C-suite executives in your presentations

Robert Herjavec

Los Angeles, Calif. – Jun 19, 2019

We all recognize that a cyber breach can significantly impact an organization’s reputation and valuation. If you’re heading into the boardroom to deliver a presentation on cybersecurity to C-suite executives, then you’d better be ready to speak their language.

To start, throw the tech talk out the window on your way to the boardroom. Technical IOCs (indicators of compromise) are out, and reputational harm that will lead to revenue decline is in.

Now that you’re in the door – here are my 3 tips for presenting cybersecurity to the C-suite:

  1. Focus on Pain Points. The “pain” part of your presentation should come early on – grab their attention and get them talking. You’re there to help them and you need to understand the business objectives. Why did they invite you in to present? What is their biggest concern? What do they hope to learn from your presentation today? It’s about your organization’s pain, and potential gain. The bottom line is – if you don’t know your C-suite’s pain points, you’re not ready to present!
  2. Use Key Performance Indicators. As security becomes more digestible at quarterly board meetings, it’s crucial that CISOs have the proper metrics to measure progress and identify what risks remain to the organization. Define key performance indicators (KPIs) with your board ahead of time – such as average time to detect and contain, control efficacy, etc. – so that status updates and progress measurements are concise, clear and digestible. Don’t know where to start? Use these 5 KPIs suggested by my team at Herjavec Group in our Cybersecurity Conversations for the C-suite Report.
  3. Prove it with statistics. If you’ve got something important to say, then you’d better be prepared to back it up with credible facts, figures, statistics, and predictions from an expert source. Don’t tell the board that cybercrime is a big problem. Tell them that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined. That being said – don’t just try to scare them. Remember – boards want data – but only to make informed business decisions about investments and risk. Keep the data relevant to your industry, your technology stack, and your current spends. Consider how your organization is keeping pace with specific trends, risks, and areas of investment in relation to the market. Specifically address:
  • how your cybersecurity program’s maturity is measured
  • how you have closed any vulnerable gaps since your last reporting cycle
  • where you are on your security roadmap (why is that good/bad, etc.) and finally…
  • whether there are compliance measures the board needs to know about

Look, I get it – these executive presentations can be challenging. Keep in mind, each player around the table may have slightly different priorities.

For example, the CEO is concerned with the reputation of the company in the event of a breach. How could credibility, customer retention and overall stock price be impacted? The CFO, on the other hand, is concerned with funding security initiatives, understanding how you measure the value of existing investments, and what risks remain.

I encourage you to hold your service providers accountable. If you have to report on certain statistics and KPIs, they should be helping you craft the value-add story.

While the only thing constant in our industry is change, by following these 3 tips, showcasing digestible metrics and leveraging a strong security roadmap, you will be well on your way to inspiring the confidence of your executive team or board.

To Your Success,

Originally posted on cybersecurityceo.com


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.
