Communicating risk to your board

It isn’t a secret cybercrime is on the rise. In fact it’s quite the opposite. Because of so many high profile and recognized brands being breached, it’s no longer just a topic of conversation for those in the information and network security field – it impacts everyone. While the increase of cybercriminal activity may be common knowledge, it still may be difficult to communicate the true implications of a breach to your board. Review these three simple tips while preparing your argument for the importance of understanding data breaches and risk to your board of directors.

1. Calculate the true cost of an attack.

The mistake that breached companies are finding out the hard way is that they didn’t predict the overall price a breach would ultimately cost them. By only focusing on IT costs and upgrades, these companies didn’t accurately take into account the millions of dollars that had to be spent on credit monitoring services and absorbing fraudulent charges. However, in their defense, you would be hard pressed to calculate an accurate financial projection for every single security breach. Rather, focus on what’s possible, improbable and impossible. Then decide what your company is willing to provide, financially, in those types of scenarios.

2. Consider the implications of how a breach will affect the overall health of your organization.

Not only will a security breach affect your market valuation but also the health of your reputation or image in the eyes of your customers and shareholders. Frame up your argument to show how devastating a security breach would be to your company – both monetarily and in reputation. If you lose the confidence of your shareholders and consumers, this, too, will affect your bottom line.

3. Protect your company sensitive data.

Are you truly confident in the safety of your company’s sensitive and IP data? If a hacker used sophisticated software to continuously attack your outdated or neglected security systems, would your company survive the cascading effects? Don’t put your critical information or your company at risk. Theft or tampering of your company’s data can impact your competitive intelligence and advantage, not to mention future investments or earning potential. Cybercriminals will be persistent to hack, steal and sell your sensitive data to the highest bidder.

When it comes to accurately communicating risk to your board, put the implications in terms they can understand. Showcase how it will affect the health of your organization in terms of reputation, market valuation and revenue. Prove that by increasing your information and network security efforts, it will ultimately protect your organization’s private and critical data, ensuring your company’s future.

How do you effectively communicate risk to your board?