Karyl Scott, profile picture
Uploaded byKaryl Scott
PDF, PPTX470 views

What CIOs Need To Tell Their Boards About Cyber Security

CISOs must effectively communicate their cybersecurity strategies to the board, emphasizing the integration of security within the broader context of business and operational risks. The discussion should focus on a holistic approach to security that anticipates potential threats, utilizes real-time analytics, and highlights the board's critical role in understanding and mitigating these risks. As the cyber threat landscape continues to evolve, it is crucial for directors to stay informed about security measures and their effectiveness in protecting the company's assets.

Technology
Related topics:
Board of Directors

Embed presentation

Download as PDF, PPTX
What CISOs Need To Tell Their Boards About Cyber Security Put security in the context of business and operational risk
What will you tell your board members that your company is doing to protect its most valuable assets, and how do you best convey that information? By Now, Your Company’s Board Of Directors Should Have Gotten The Message: Cyber Security Is Their Responsibility Too Over the last few years, shareholders have filed lawsuits against directors and officers at companies like Target, Wyndham Worldwide, Heartland Payment Systems and TJX Companies following massive data breaches. Those suits charged that these parties failed to meet loyalty and fiduciary responsibilities because of inadequate information security controls, policies and procedures. Indeed, boards are concerned about cyber risks, though they are not always as engaged as they should be, according to PwC in its key findings report from the 2015 US State of Cybercrime Survey. Thirty percent of participants say, for instance, that there is no board engagement in this area at all, compared to 25% who report full Board of Director engagement in security issues, planning and decision making. Be Proactive The PwC report recommends that security executives should not wait for the board to ask questions about cyber risks and cyber security preparedness. Rather, CISOs and CSOs should proactively and regularly update the board on what’s being done to monitor and mediate against cyber risks. How will you as an IT leader act on that advice? What will you tell your board members that your company is doing to protect its most valuable assets, and how do you best convey that information? One suggestion is to start by reminding them that we’re now operating in a cloud-first world. Tell them that your team is driving hard to keep business-critical applications and data that reside in on-premises, private, and hybrid clouds safe amid a growing number of points of access that hackers can use to launch an attack. What CISOs Need To Tell Their Boards About Cyber Security 1
Key Talking Points Ideally, you’ll be able to communicate the following about your security arrangements: What CISOs Need To Tell Their Boards About Cyber Security 2 Your current plan emphasizes total, integrated security. Highlight the fact that your efforts instead now veer towards a holistic and adaptive security solution that can complement existing security deployments so that ROI isn’t sacrificed. What matters today is a multi-layered security architecture that takes a “predict, detect, and neutralize” stance spanning premise-based, cloud and hybrid network environments. You’ve seen past approaches fall down on multiple counts. While these approaches have value, your board needs to know that ultimately they leave your enterprise with too many disparate systems; too many alerts with too little cause and resolution information; and no protection against zero-day threats that exploit unknown computer security vulnerabilities. Relying on point systems or Security Incident and Event Management (SIEM) solutions also results in there being too much of a focus on how something bad happened, versus a proactive approach that involves understanding how current activity means that something bad is about to happen. You’ve changed strategy to address the changing threat landscape. Make it plain to your directors that the threat environment is expanding. Tell them that to combat it, you are pursuing the deployment of a comprehensive and integrated security solution. To that end, you must explain that your concentration has been on moving beyond implementing discrete defense disciplines – perimeter defenses, log management, vulnerability management, and endpoint security – and even Defense-in-Depth layering tactics, which have fallen short.
A modern, agile security architecture must include the ability to automatically recognize patterns in network behavior that let you find threats before they occur – a capability that can be enabled by adaptive behavior analysis and machine learning. Such an architecture should include: • Real-time analytics • Continuous expert monitoring • Perimeter/interior protection • Peer-level information sharing • Operational ease of use An Integrated Approach What CISOs Need To Tell Their Boards About Cyber Security 3
Experts suggest that your discussions with the board should be framed in the context of risk, which as business people they are primed to understand. So consider including in your presentation statistics that illustrate risk and its cost, such as: The total number of security incidents detected by respondents to PwC’s The Global State of Information Security Survey 2015 climbed to 42.8 million, an increase of 48% from 2013. Data breaches continue to pack bigger wallops. Over the past year, the cost of data breaches due to malicious or criminal attacks has increased from an average of $159 to $174 per record, according to The Ponemon Institute 2015 Cost of Data Breach Study: Global Analysis. Then, help them understand how your revised approach to security is working in terms of defeating those risks. You can do that best by showcasing key performance indicators – such as the number of security attacks identified and repelled, the elapsed time from incident identification to remediation, control cost/effectiveness ratio – that help them quickly grasp the significant impact of your work and measure its success over time. Given what’s at stake, it’s never been more critical for directors – and your company’s investors – to stay plugged into cyber security threats and what you’re doing to address them. Considering the ease of access that hackers have to tools to do their dirty work – not to mention the criminal enterprise or state sponsorship behind so many attacks – this problem isn’t going away anytime soon. Learn about Masergy’s Unified Enterprise Security (UES) solutions at: www.masergy.com/solutions/managed-security/unified-enterprise-security What CISOs Need To Tell Their Boards About Cyber Security 1. 2. Masergy’s Unified Enterprise Security delivers an integrated approach to advanced threat management. Corporate Headquarters (USA): 2740 North Dallas Parkway, Suite 260 Plano, TX 75093 USA Phone: +1 (214) 442-5700 Fax: +1 (214) 442-5756 European Headquarters (UK): 29 Finsbury Circus Salisbury House 5th Floor London, EC2M 5QQ UK Phone: +44 (0) 207 173 6900 Fax: +44 (0) 207 173 6899 Talk to an expert or request a free consultation. www.masergy.com 4

More Related Content

PPTX
Cyber risk tips for boards and executive teams
byWynyard Group
 
PPT
Role of The Board In IT Governance & Cyber Security-Steve Howse
byCGTI
 
PDF
Cyber security: Five leadership issues worthy of board and executive attention
byRamón Gómez de Olea y Bustinza
 
PPSX
Board and Cyber Security
byLeon Fouche
 
PDF
Cybersecurity in the Boardroom
byMarko Suswanto
 
PPTX
CRI Cyber Board Briefing
byOCTF Industry Engagement
 
PPTX
The Board and Cyber Security
byFireEye, Inc.
 
PDF
Cyber-risk Oversight Handbook for Corporate Boards
byCheffley White
 
Cyber risk tips for boards and executive teams
byWynyard Group
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
byCGTI
 
Cyber security: Five leadership issues worthy of board and executive attention
byRamón Gómez de Olea y Bustinza
 
Board and Cyber Security
byLeon Fouche
 
Cybersecurity in the Boardroom
byMarko Suswanto
 
CRI Cyber Board Briefing
byOCTF Industry Engagement
 
The Board and Cyber Security
byFireEye, Inc.
 
Cyber-risk Oversight Handbook for Corporate Boards
byCheffley White
 

What's hot

PDF
Improving Cyber Security Literacy in Boards & Executives
byTripwire
 
PPTX
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
byPhil Agcaoili
 
PPTX
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
byFireEye, Inc.
 
PPTX
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
byPhil Agcaoili
 
PDF
Leveraging Board Governance for Cybersecurity
byShareDocView.com
 
PDF
Insights into cyber security and risk
byEY
 
PDF
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
byShawn Tuma
 
PDF
7 cyber security questions for boards
byPaul McGillicuddy
 
ODP
Cyber Security for Financial Institutions
byKhawar Nehal khawar.nehal@atrc.net.pk
 
PPTX
The Benefits of Security From a Managed Services Provider
byCSI Solutions
 
PPTX
Cybersecurity Risks for Businesses
byAlex Rudie
 
PPTX
Cybersecurity & the Board of Directors
byAbdul-Hakeem Ajijola
 
PPTX
Sans 20 CSC: Connecting Security to the Business Mission
byTripwire
 
PPT
Shaping Your Future in Banking Cybersecurity
byDawn Yankeelov
 
PPT
The Security Director's Practical Guide to Cyber Security
byKevin Duffey
 
PPT
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 
PDF
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
byKnowledge Group
 
PPTX
Cyber security
byVaibhav Jain
 
PDF
The Measure of Success: Security Metrics to Tell Your Story
byPriyanka Aash
 
PPTX
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
byInternational Federation of Accountants
 
Improving Cyber Security Literacy in Boards & Executives
byTripwire
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
byPhil Agcaoili
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
byFireEye, Inc.
 
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
byPhil Agcaoili
 
Leveraging Board Governance for Cybersecurity
byShareDocView.com
 
Insights into cyber security and risk
byEY
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
byShawn Tuma
 
7 cyber security questions for boards
byPaul McGillicuddy
 
Cyber Security for Financial Institutions
byKhawar Nehal khawar.nehal@atrc.net.pk
 
The Benefits of Security From a Managed Services Provider
byCSI Solutions
 
Cybersecurity Risks for Businesses
byAlex Rudie
 
Cybersecurity & the Board of Directors
byAbdul-Hakeem Ajijola
 
Sans 20 CSC: Connecting Security to the Business Mission
byTripwire
 
Shaping Your Future in Banking Cybersecurity
byDawn Yankeelov
 
The Security Director's Practical Guide to Cyber Security
byKevin Duffey
 
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
byKnowledge Group
 
Cyber security
byVaibhav Jain
 
The Measure of Success: Security Metrics to Tell Your Story
byPriyanka Aash
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
byInternational Federation of Accountants
 

Viewers also liked

PPTX
Bob West - Educating the Board of Directors
bycentralohioissa
 
PDF
Cybersecurity Goverence for Boards of Directors
byPaul Feldman
 
PPTX
Ed Rios - New ncc brief
byTrish McGinity, CCSK
 
PPTX
EISS Cybersecurity Briefing
byEnergySec
 
PDF
Bank Director List of Worries
byBank Director
 
PDF
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
byShawn Tuma
 
PDF
Websense
byCMR WORLD TECH
 
PDF
10 Rules for Vendors - an Overview
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
PDF
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
byShawn Tuma
 
PPTX
RSA 2017 - CISO's 5 steps to Success
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
PDF
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
byPhilip Beyer
 
PPTX
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
bycentralohioissa
 
PDF
NTXISSACSC4 - A Day in the Life of a CISO
byNorth Texas Chapter of the ISSA
 
PDF
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
byNorth Texas Chapter of the ISSA
 
PDF
Being the best cybersecurity strategy - Failing Forward
byJames DeLuccia IV
 
PPTX
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
byTripwire
 
PDF
Cybersecurity and The Board
byPaul Melson
 
PPTX
Cyber Security in the Interconnected World
byRussell_Kennedy
 
Bob West - Educating the Board of Directors
bycentralohioissa
 
Cybersecurity Goverence for Boards of Directors
byPaul Feldman
 
Ed Rios - New ncc brief
byTrish McGinity, CCSK
 
EISS Cybersecurity Briefing
byEnergySec
 
Bank Director List of Worries
byBank Director
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
byShawn Tuma
 
Websense
byCMR WORLD TECH
 
10 Rules for Vendors - an Overview
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
byShawn Tuma
 
RSA 2017 - CISO's 5 steps to Success
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
byPhilip Beyer
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
bycentralohioissa
 
NTXISSACSC4 - A Day in the Life of a CISO
byNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
byNorth Texas Chapter of the ISSA
 
Being the best cybersecurity strategy - Failing Forward
byJames DeLuccia IV
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
byTripwire
 
Cybersecurity and The Board
byPaul Melson
 
Cyber Security in the Interconnected World
byRussell_Kennedy
 

Similar to What CIOs Need To Tell Their Boards About Cyber Security

PDF
For Corporate Boards, a Cyber Security Top 10
byDavid X Martin
 
PDF
Ask the Experts final
byDaren Dunkel
 
PDF
Norman Broadbent Cybersecurity Report - How should boards respond
byLydia Shepherd
 
PDF
Top Cyber News Magazine - Oct 2022
byMatthew Rosenquist
 
PDF
Top Cyber News MAGAZINE. October 2022. Matthew Rosenquist.pdf
byDr. Ludmila Morozova-Buss
 
PDF
speaking-to-board-securiity-whitepaper
byBilha Diaz
 
PDF
Cyber security: five leadership issues worthy of Board and executive attention
byRamón Gómez de Olea y Bustinza
 
PDF
CIOs and Cybersecurity Safeguarding the Digital Frontier
bywilliamshakes1
 
PDF
4th Digital Finance Forum, Simon Brady
byStarttech Ventures
 
PDF
A CIRO's-eye view of Digital Risk Management
byDaren Dunkel
 
PDF
Gary R. Hayslip April 2023 Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
PPTX
How to present information security risks to Board)
byEduardoCostaVianna
 
PDF
Fortinet: The New CISO – From Technology to Business Focused Leadership
byMighty Guides, Inc.
 
PDF
cybersecurity-250
byChris Crowe
 
PDF
Top Cybersecurity Concerns from Boards & Directors (Mid-2025)
byCybernetic Global Intelligence
 
PDF
What Every CISO Should Learn From the Target Attack
byBooz Allen Hamilton
 
PPT
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
byPriyanka Aash
 
PPTX
Information & Cyber Security Risk
byMurray Security Services
 
PDF
CyRM: Mastering the Management of Cybersecurity (Internal Audit and IT Audit)...
byarghokemayu
 
PDF
CIA Trifecta ISACA Boise 2016 Watson
byPatricia M Watson
 
For Corporate Boards, a Cyber Security Top 10
byDavid X Martin
 
Ask the Experts final
byDaren Dunkel
 
Norman Broadbent Cybersecurity Report - How should boards respond
byLydia Shepherd
 
Top Cyber News Magazine - Oct 2022
byMatthew Rosenquist
 
Top Cyber News MAGAZINE. October 2022. Matthew Rosenquist.pdf
byDr. Ludmila Morozova-Buss
 
speaking-to-board-securiity-whitepaper
byBilha Diaz
 
Cyber security: five leadership issues worthy of Board and executive attention
byRamón Gómez de Olea y Bustinza
 
CIOs and Cybersecurity Safeguarding the Digital Frontier
bywilliamshakes1
 
4th Digital Finance Forum, Simon Brady
byStarttech Ventures
 
A CIRO's-eye view of Digital Risk Management
byDaren Dunkel
 
Gary R. Hayslip April 2023 Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
How to present information security risks to Board)
byEduardoCostaVianna
 
Fortinet: The New CISO – From Technology to Business Focused Leadership
byMighty Guides, Inc.
 
cybersecurity-250
byChris Crowe
 
Top Cybersecurity Concerns from Boards & Directors (Mid-2025)
byCybernetic Global Intelligence
 
What Every CISO Should Learn From the Target Attack
byBooz Allen Hamilton
 
ciso-platform-annual-summit-2013-ciso assessment exec summary _ibm
byPriyanka Aash
 
Information & Cyber Security Risk
byMurray Security Services
 
CyRM: Mastering the Management of Cybersecurity (Internal Audit and IT Audit)...
byarghokemayu
 
CIA Trifecta ISACA Boise 2016 Watson
byPatricia M Watson
 

Recently uploaded

PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
API-First Architecture in Financial Systems
bycyy111112
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 

What CIOs Need To Tell Their Boards About Cyber Security

  • 1.
    What CISOs NeedTo Tell Their Boards About Cyber Security Put security in the context of business and operational risk
  • 2.
    What will youtell your board members that your company is doing to protect its most valuable assets, and how do you best convey that information? By Now, Your Company’s Board Of Directors Should Have Gotten The Message: Cyber Security Is Their Responsibility Too Over the last few years, shareholders have filed lawsuits against directors and officers at companies like Target, Wyndham Worldwide, Heartland Payment Systems and TJX Companies following massive data breaches. Those suits charged that these parties failed to meet loyalty and fiduciary responsibilities because of inadequate information security controls, policies and procedures. Indeed, boards are concerned about cyber risks, though they are not always as engaged as they should be, according to PwC in its key findings report from the 2015 US State of Cybercrime Survey. Thirty percent of participants say, for instance, that there is no board engagement in this area at all, compared to 25% who report full Board of Director engagement in security issues, planning and decision making. Be Proactive The PwC report recommends that security executives should not wait for the board to ask questions about cyber risks and cyber security preparedness. Rather, CISOs and CSOs should proactively and regularly update the board on what’s being done to monitor and mediate against cyber risks. How will you as an IT leader act on that advice? What will you tell your board members that your company is doing to protect its most valuable assets, and how do you best convey that information? One suggestion is to start by reminding them that we’re now operating in a cloud-first world. Tell them that your team is driving hard to keep business-critical applications and data that reside in on-premises, private, and hybrid clouds safe amid a growing number of points of access that hackers can use to launch an attack. What CISOs Need To Tell Their Boards About Cyber Security 1
  • 3.
    Key Talking Points Ideally,you’ll be able to communicate the following about your security arrangements: What CISOs Need To Tell Their Boards About Cyber Security 2 Your current plan emphasizes total, integrated security. Highlight the fact that your efforts instead now veer towards a holistic and adaptive security solution that can complement existing security deployments so that ROI isn’t sacrificed. What matters today is a multi-layered security architecture that takes a “predict, detect, and neutralize” stance spanning premise-based, cloud and hybrid network environments. You’ve seen past approaches fall down on multiple counts. While these approaches have value, your board needs to know that ultimately they leave your enterprise with too many disparate systems; too many alerts with too little cause and resolution information; and no protection against zero-day threats that exploit unknown computer security vulnerabilities. Relying on point systems or Security Incident and Event Management (SIEM) solutions also results in there being too much of a focus on how something bad happened, versus a proactive approach that involves understanding how current activity means that something bad is about to happen. You’ve changed strategy to address the changing threat landscape. Make it plain to your directors that the threat environment is expanding. Tell them that to combat it, you are pursuing the deployment of a comprehensive and integrated security solution. To that end, you must explain that your concentration has been on moving beyond implementing discrete defense disciplines – perimeter defenses, log management, vulnerability management, and endpoint security – and even Defense-in-Depth layering tactics, which have fallen short.
  • 4.
    A modern, agilesecurity architecture must include the ability to automatically recognize patterns in network behavior that let you find threats before they occur – a capability that can be enabled by adaptive behavior analysis and machine learning. Such an architecture should include: • Real-time analytics • Continuous expert monitoring • Perimeter/interior protection • Peer-level information sharing • Operational ease of use An Integrated Approach What CISOs Need To Tell Their Boards About Cyber Security 3
  • 5.
    Experts suggest thatyour discussions with the board should be framed in the context of risk, which as business people they are primed to understand. So consider including in your presentation statistics that illustrate risk and its cost, such as: The total number of security incidents detected by respondents to PwC’s The Global State of Information Security Survey 2015 climbed to 42.8 million, an increase of 48% from 2013. Data breaches continue to pack bigger wallops. Over the past year, the cost of data breaches due to malicious or criminal attacks has increased from an average of $159 to $174 per record, according to The Ponemon Institute 2015 Cost of Data Breach Study: Global Analysis. Then, help them understand how your revised approach to security is working in terms of defeating those risks. You can do that best by showcasing key performance indicators – such as the number of security attacks identified and repelled, the elapsed time from incident identification to remediation, control cost/effectiveness ratio – that help them quickly grasp the significant impact of your work and measure its success over time. Given what’s at stake, it’s never been more critical for directors – and your company’s investors – to stay plugged into cyber security threats and what you’re doing to address them. Considering the ease of access that hackers have to tools to do their dirty work – not to mention the criminal enterprise or state sponsorship behind so many attacks – this problem isn’t going away anytime soon. Learn about Masergy’s Unified Enterprise Security (UES) solutions at: www.masergy.com/solutions/managed-security/unified-enterprise-security What CISOs Need To Tell Their Boards About Cyber Security 1. 2. Masergy’s Unified Enterprise Security delivers an integrated approach to advanced threat management. Corporate Headquarters (USA): 2740 North Dallas Parkway, Suite 260 Plano, TX 75093 USA Phone: +1 (214) 442-5700 Fax: +1 (214) 442-5756 European Headquarters (UK): 29 Finsbury Circus Salisbury House 5th Floor London, EC2M 5QQ UK Phone: +44 (0) 207 173 6900 Fax: +44 (0) 207 173 6899 Talk to an expert or request a free consultation. www.masergy.com 4