When it comes to cyber risk, most organizations have a communication problem. Executives don’t know enough about what the technology means, and cybersecurity experts don’t know how to put cyber risk in a relevant context. The consequences of inadequate executive governance of cyber risk have never been greater. Yet incorporating the technical intricacies of cybersecurity into how a business should reduce its cyber risk has proved to be a challenge.
A survey of HBR readers sheds light on this communication gap and its consequences. Despite showing broad agreement about the importance of cybersecurity, 68% of respondents agreed that information technology could do more to make sure senior executives are better informed about their organization’s cyber risk and cybersecurity.
On April 27, in a live, interactive HBR-AS audio webinar, Alex Clemente shared insights from this survey about how organizations measure and monitor cyber risk.
He then discussed the threat of cyber risk, and steps organizations can take to mitigate it, with Chris Hallenbeck, chief information security officer for Tanium. Clemente and Hallenbeck discussed:
- How organizations can better facilitate communication on cyber risk
- The importance of using the right cyber risk metrics
- Why using too many metrics (especially technical metrics) can cause confusion
- How to keep executives focused on cybersecurity