Teamwork makes the dream work. Unfortunately, when it comes to cyber security issues, CEOs and their CIOs aren’t always on the same page, and the dream can turn into a nightmare.
This communications breakdown is highlighted by two recent surveys showing that CEOs view their companies’ cyber security readiness very differently than their CIOs. The KPMG U.S. CEO Outlook 2018 found that 77 percent of CEOs believe their organizations are either “very well” or “well” prepared for a cyber incident. This stands in stark contrast to only 22 percent of CIOs and tech leaders who feel the same way, according to the Harvey Nash/KPMG CIO Survey 2018.
This is a critical gap, as cyber security is a growing threat to all organizations. And you can’t go past a newspaper stand or TV without seeing a story about how cyber-attacks have devastated a company. A company can take a huge hit to its pocketbook or reputation if money or data is lost, stolen or deleted. Investors, the public, and even your employees are left believing that you were negligent with your cyber security setup, which can ultimately undermine your company’s stability, and possibly survival.
Why the disconnect?
There’s enough blame to go around. In some cases, CEOs may be willfully blind about the state of the firm’s cyber security protection. They may want to paint a rosier picture to investors, the board or the stakeholders than what actually exists so they can generate or boost confidence in the business. In other instances, they may not fully understand the nuances of cyber security and may be convinced, often by third-party vendors, that the firm’s cyber defenses are pristine.
But the blame may also fall on the shoulders of the CIO. Communicating complicated, technology-related information in a manner that non-IT experts understand can be a challenge.
CIOs (and their IT departments) may be experts in their field, but they may fall short in articulating the shortcomings of their firm’s cyber security system and what needs to be done in a manner that resonates with the CEO.
Getting the message across
Here are some techniques to help CIOs communicate the true status of their firm’s cyber security to their CEOs and boards.

Meet regularly with the CEO to communicate cyber-risk and technology issues. You should also attend board and other executive meetings whenever possible to help you stay up-to-date on relevant company information and issues. Note that while almost two-thirds of CIOs are members of the board or part of the executive management team, this figure is down nine percent from the prior year.
Tell the cyber and technology “story” at the appropriate level when you meet with the CEO and/or the board. Don’t be too basic, but also don’t bombard them with bits and bytes of data that will just go over their heads. Be transparent about performance issues and present benchmarking information about what other comparable organizations are doing.
Become more business savvy. CIOs need to view the cyber world through the lens of the business. Have your CEO clearly articulate the firm’s business goals and risk tolerance level in terms of cyber. After that, you can better identify, quantify and prioritize cyber risks, and describe, in plain language, the potential cyber risk in terms of “buckets” of financial, reputational, regulatory, and personnel/safety damage (e.g., critical: $500 million+; moderate: $50 million or less). Then, make recommendations about what the business should do, where it needs to invest (or increase investment), and how the investment will help.
Act as a cyber risk consultant with respect to third-party vendors.
In the past, CIOs typically had significant input in decision-making with respect to third-party vendors or suppliers where potential IT issues were involved. These days, CIOs and internal IT departments are often cut out of this process.

CEOs and individual business units might go off on their own and make deals with vendors who provide services or supplies with IT-related components (e.g., supply chain providers, lead-generation marketing services, and cloud service providers). These vendors may give CEOs a false sense of security, reassuring them that their cyber protection is bulletproof. And these reassurances are too readily accepted because the CEOs are focused on functionality, not cyber security.
CIOs need to insert themselves into the situation and take the role of risk management consultants. They’re the ones in the weeds and know the right questions to ask and what to look for (e.g., what’s the level of privileged user management). This may require CIOs and their departments to upgrade their business skills and “market” themselves a little differently to their organizations.
Making the dream come true
In this new business environment, to help their organizations bolster their cyber security protections and also boost their careers, CIOs must find ways to communicate more effectively and consistently with their CEOs and the board. They must integrate themselves into the various business units, learn what their IT needs are, and work together to help them achieve their goals while remaining on top of potential cyber security risks.