Boardroom Bound

Briefing the board on security: Put data in the driver’s seat

Skip the scare tactics and cultivate “tech champions” among your board directors via data-driven stories and cybersecurity scorecards.

data analytics / risk assessment / tracking data or trends
ipopba / Getty Images

With the annual costs of cybercrime in the trillions of dollars, the boardroom conversations CIOs have about cybersecurity are weighted with anxieties on both sides.

“We have a burning platform, and that’s a leadership opportunity” CIOs should step up and seize, says Bob Zukis, founder of the Digital Directors Network, an executive association that advocates for technology expertise on boards. “The board is focused on value-creating opportunities, so the two conversations need to go hand in hand.” 

Yet as technology topics go, information security has always been prone to geeky acronyms, cartoonish names for dangerous malware and technical complexities that defy concise explanations to businesspeople. 

“The easiest way to talk to the board about cybersecurity is to scare them. It’s not hard. There’s always something happening somewhere close to home,” says Greg Morrison, former CIO of Cox Enterprises and now a board director for Veritex Holdings. “But you can only do that once.” 

Far more effective as a strategy, Morrison adds, is for CIOs to cultivate knowledgeable advocates and tech champions among the board members. “If the board has a technologist, usually they’ll reach out to the CIO's organization to get more perspective directly from that CIO. You can use that person to advocate for the message you want to convey.”

That’s what happened with former Sysco CTO Wayne Shurts after he joined the board of directors at Armstrong Industries last year. He met and connected with Armstrong’s CIO to collaborate on a cybersecurity presentation to the board. Since then, Shurts has spent time with the CIO’s staff enjoying his “deep dives” into Armstrong’s technology plans around IoT in manufacturing. 

Tell your story with data

Back when he was presenting cybersecurity updates to his board at food distribution giant Sysco, Shurts took a two-pronged approach. One part of that was to share a dashboard of specific cyber metrics at every board meeting, which gave the corporate directors a trend line to monitor throughout the year. 

To continue reading this article register now

Download CIO's Winter 2021 digital issue: Supercharging IT innovation