One of the many reasons why cybersecurity programs fail is due to the lack of funding from the organization. And the main fallacy for this? C-suite employees fail to understand the importance of funding cybersecurity programs. In addition, there is also a lack of funding, training, resources and individuals dedicated to cybersecurity amongst companies.
Talking shop with c-suite executives (e.g. CEOs, CFOs) who have little to no experience in cybersecurity can be a daunting task. As a recruitment outsourcing company with tech recruiters onboard, we understand the struggle of convincing C-Suite executives the importance of cybersecurity. But hopefully, the steps below might be helpful in your journey!
1. Explain the basics
No one wants to spend big money on processes and things that they don’t understand. Explaining the technicalities of cybersecurity to someone without a solid foundation in the subject can be tricky. However, a good way to introduce the basics of cybersecurity to your organization is by describing the common goal you’d want the organization to attain.
Some common cybersecurity goals include:
Promote confidentiality: If the organization is looking for both privacy and ways to protect their data, then confidentiality is the goal to strive for! One way to promote good confidentiality is by introducing data encryption methods. However, on a more basic scale, confidentiality and data protection can be promoted through simple security measures. This can include the use of 2-FA (two-factor authentication) to the total elimination of passwords. Learn more about basic methods to password protection here.
Determine data access: Some companies (e.g. SME’s) might not see the intrigue in limiting data access. As a security professional, you’ll need to collaborate with different teams and determine who can access shared information (e.g. shared Google drive files).
Creating backups: A good cybersecurity professional plans for two occasions: they plan to secure and protect various databases and structures, and create backup plans in case of any potential cyber breaches.
Read more about some of the more common cybersecurity goals here.
2. Speak their language
Take a pointer or two from the Human Resources team and tweak the way you present the information to your audience. You’ll want to have a conversation that the upper management can understand. Refrain from using technical language. Instead, explain the losses, profits, or costs through facts and figures.
Because you’ll be primarily talking to your bosses in simple business terms. Don’t forget to familiarize yourselves with both the different business terms and pain points your organization has identified.
Examples of terms you might need to brush up on include:
Profit and losses
Beating the competition
Additionally, in terms of communication, try to describe the costly impact of cybersecurity ignorance through stories. Analogies and case studies are a great way to illustrate your points. The best thing to do would be to create an analogy that both your supervisors as well as the other employees in the organization can understand.
3. Discuss cybersecurity topics frequently
Familiarity is the key to understanding any subject matter. Frequent talks revolving around important cybersecurity topics can dispel the air of mystery surrounding the topic. This makes it easier for everyone in the organization to pick up on various cybersecurity knowledge and facts.
It’s important to remember that despite the frequent discussions, never assume understanding. Some cybersecurity specialists encourage security professionals to ask for constant feedback. “Do you understand?”, “Is there anything that you need help with?” are some questions you might want to ask at every step of the discussion.
Of course, having great communication skills is not limited only to cybersecurity specialists looking to talk to c-suite executives. But having great communication skills is key to delivering a discussion regarding any complicated topic.
Other key skills you’ll have to consider adopting can include:
Emotional Intelligence: Not everyone is comfortable admitting their confusion. Thus, emotional intelligence is needed in order to be able to pick up on unspoken body language.
Creativity: No, this isn’t a skill limited only to tech and product design or the creative arts. However, this is simply a skill that allows for unusual ideas and solutions. Creativity is an especially useful skill when it comes to brainstorming sessions. Which you may be part of if your job requires constant interaction with C-Suite employees.
Leadership skills: In order to speak to leaders, you must first embody the leader. Having good leadership skills can also lead to better teamwork and team building skills.
Some examples of leadership skills that you might want to brush up on include:
To be able to strategically plan
The ability to lead team projects
Delivers projects, assignments, and KPIs on time
In any case, you can learn more about the different skills cybersecurity specialists should adopt with these articles below!
Rome wasn’t built in a day. And for that, it’s best to not expect too much, too fast. Constant communication is the key to helping non-techie individuals understand cybersecurity. Therefore, continue having these conversations. Soon, you’ll be able to have deeper conversations about the more in-depth cybersecurity goals of the organization.
Did this article resonate with you? Share your thoughts with us in the comments section below!