- There is a disconnect between security leaders and executive stakeholders on what information is important to present.
- Security leaders find it challenging to convey the necessary information to obtain support for security objectives.
- Changes to the threat landscape and shifts in organizational goals exacerbate the issue, as they impact security leaders' ability to prioritize topics to be communicated.
- Security leaders struggle to communicate the importance of security to a non-technical audience.
Our Advice
Critical Insight
Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and ensuring that you have met your goal.
Impact and Result
- Developing a thorough understanding of the security communication goals.
- Understanding the importance of leveraging highly relevant and understandable data.
- Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
8.7/10
Overall Impact
$2,246
Average $ Saved
5
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Sturgeon County
Guided Implementation
8/10
$2,000
2
Enstar (US) Inc
Guided Implementation
8/10
$2,740
2
YMCA Calgary
Guided Implementation
10/10
$2,000
10
There were no worst parts. Cameron and Ahmad listened to understand what it is that I was trying to accomplish, then through a series of working me... Read More
Present Security to Executive Stakeholders
Learn how to communicate security effectively to obtain support from decision makers.
Analyst Perspective
Build and deliver an effective security communication to your executive stakeholders.
As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected. However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging. Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives. Ahmad Jowhar Info-Tech Research Group |
Executive Summary
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
|
|
|
Info-Tech Insight
Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.
Your challenge
As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.
- When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
- This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
- Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.
76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.
62% find it difficult to balance the risk of too much detail and need-to-know information.
41% find it challenging to communicate effectively with a mixed technical and non-technical audience.
Source: Deloitte, 2022
Common obstacles
There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:
- Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
- The issue has been amplified, with security threats constantly increasing across all industries.
- However, security leaders don’t feel that they are in a position to make themselves heard.
- The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
- Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.
9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.
77% of organizations have seen an increase in the number of attacks in 2021.
56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.
Source: EY, 2021
Info-Tech’s methodology for presenting security to executive stakeholders
1. Identify communication goals |
2. Collect information to support goals |
3. Develop communication |
4. Deliver communication |
|
---|---|---|---|---|
Phase steps |
|
|
|
|
Phase outcomes |
A defined list of drivers and goals to help you develop your security presentations |
A list of data sources to include in your communication |
A completed communication template |
A solidified understanding of how to effectively communicate security to your stakeholders |
Develop a structured process for communicating security to your stakeholders
Security presentations are not a one-way street
The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.
Identifying your goals is the foundation of an effective presentation
Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.
Harness the power of data
Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.
Take your audience on a journey
Developing a storytelling approach will help engage with your audience.
Win your audience by building a rapport
Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.
Tactical insight
Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.
Tactical insight
Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.
Project deliverables
This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.
Report on Security Initiatives |
Security Metrics |
||
Security Incident Response & Recovery |
Security Funding Request |
Key template:
Template showing how to inform executive stakeholders of proactive security and risk initiatives.
Blueprint benefits
IT/InfoSec benefits |
Business benefits |
---|---|
|
|