Darkingreading.com reported that “43% of CISOs report to the CEO and 14% report to the board directly….100% of CISOs at large enterprises are on pace to report to their boards on cybersecurity and technology risk at least annually.” The February 20, 2020 article entitled “10 Tough Questions CEOs Are Asking CISOs” which included Tough Question #1 “So What?”:

As CISOs increasingly command time with the board and executive management, they are also expected to speak in business language and make the case for security investment in business terms. 

In other words, don’t enter a meeting ready to spew security jargon and expect less security-minded management to understand why certain risks matter.

Here are all 10 Tough Questions

  1. So What?
  2. How Will This Affect Operations?
  3. Are We Protected Against a Breach?
  4. How Did This Happen?
  5. How Do You Measure Success?
  6. How Do We Create a Security Culture at Our Organization?
  7. Where Do We Stand on (Insert Latest Security Breach Headline Here)?
  8. Can I be Hacked Like Jeff Bezos Was?
  9. How Can Security Help Grow Business Revenue?
  10. Where Is the "Biggest-Bang-For-Our-Buck" Opportunity?

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.