The Deloitte study "Communicating the value of cyber security to boards and leadership" highlights the challenge of showing executives the cyber risks that exist in the Life Science & Health Care sector.
While such leaders may classify cyber security as a top priority, when it comes to action they may not fully understand it and may be unable to act in the best possible way. To address this problem, Deloitte has identified seven strategies for communicating the importance of effective security to organizations' leaders.
To help identify key practices in communicating the importance of cybersecurity to boards and leadership, Deloitte has interviewed executives from biopharmaceutical companies, medical device manufacturers, healthcare plans, and healthcare systems that are involved in the cyber area.
1. Create a dialogue to engage leadership and build trust
Interviewees explained that a good report would give leadership a better understanding of the organization's current state of cybersecurity, with data on threats, vulnerabilities and how they can impact the organization.
2. Use the power of storytelling and narrative to make it real
Create stories about recent cyber incidents in the organization, describe them and be sure to explain the impact they had (or might have had) on the business. Connecting specific incidents with specific business functions can help the organization's leaders make better decisions about how to handle risk and manage processes.
3. Help board members and leadership understand that a “cyber everywhere” mentality is the new norm
Cyber risk simulations can help leaders know how to act in the event of a real incident. Cyber exercises immerse participants in a simulated, interactive attack scenario, allowing the organization to test its stress-response reflexes, identify capacity gaps, and train and develop advanced preparation techniques.
4. Explain how the cyber team is collaborating with people inside and outside of the industry
Collaboration between industries is an important strategy. There is a growing need for companies and governments to collaborate in order to increase learning and strength in this area.
5. Use metrics to quantify risks, elevate the discussion in monetary terms, and connect it back to the business
Organizations should have a clear agreement on, and understanding of, what data is most critical to the company, where it resides, how it is collected and shared, and the potential impact if it is compromised.
6. Be prepared to answer and defend questions related to cybersecurity investments
It is necessary to emphasize that cybersecurity is a continuous challenge and that no amount of money can make the risk disappear.
7. Regularly assess and discuss future talent models and their potential impact on the organization
One popular strategy is to recruit people with business and communication skills and train them in the technical and cyber fields.