How to Communicate Cyber ROI – Not Just Show It
As a CISO, one of your main responsibilities is creating and implementing a security plan. While these plans vary depending on which industry you operate in, they usually consist of the same elements, such as policies, procedures, technologies, and budgets.
In order to do your work properly, however, you will need to present your plan to the board and hopefully secure funding if you are to move forward. But the communicating part isn’t always as easy as one would think, especially when it comes to the intangibles of cyber security and risk ROI.
Importance of Communication and Visualisation
While you could just present your plan and probabilities of cyber threats to the board, it’s unlikely that only showing risk scores and traffic light colours will be enough to get your plan funded. You will need to communicate it properly to the board and use the language they make decisions in – financials.
Boardish allows you to do exactly that: it communicates in terms that the board wants to hear, and it quantifies threats and solutions properly by showing ROI – how much the solution is protecting you, in relation to how much it costs, in relation to company turnover.
It’s an accessible tool that CISOs can use regardless of business size, and it offers a simple way to quantify risk for small, medium, and large businesses. With Boardish, you can make custom visuals, showing only the information that is relevant to the board, giving your presentation more impact while, at the same time, making it easier to read and understand for an audience that doesn’t really care which type of tools are used, as long as the company is protected.
Useful Tips for Communicating Cyber ROI to Decision-Makers
To speed up the decision-making process, get budget approvals quicker, and have better communication with decision-makers, here are 3 tips for communicating cyber ROI:
#1 Explain that your plan aligns with the business strategy
A CISO should show that they understand the board’s business strategy and that the proposed plan aligns with it. By using Boardish, you can show exactly how it does that. You can show the impact each cyber threat has on the business turnover, how much it would cost the company if it suffered from specific cyber threats, and how effective each mitigation solution is in financial terms.
#2 Simplify communication
Avoid specific tech jargon and talking in depth about technical problems and the innovative solutions you’re planning to use. Your decision-makers are smart, but they aren’t cyber professionals (that’s why they pay you) and they need to know how the business is going to be impacted (for better or worse). They don’t care what type of Microsoft licensing you’re using! Keep it simple.
#3 Remove the unknowns and ‘probabilities’
Be as clear and accurate as possible when communicating with the board. Do not rely on guesswork and what you think will probably not happen, because then you take on the risk ownership. Instead, show exact numbers as much as you can.
Boardish was designed with CISOs in mind. If you have been struggling to get approval for your cyber budget, maybe it’s time to try the Boardish approach by communicating cyber ROI. You can register now for a 14-day free trial.