Cyber needs to speak language of the C-suite
Chris Henry, Robert Wong and David Foote discuss "Speaking the Language of the C-Suite" at SC Congress Toronto.
Communicating with the C-suite depends in part of creating a language they understand and identifying company assets that are most important, Chris Henry, principal consultant and virtual innovation officer at Dare Innovative, told an audience at SC Congress Toronto 2016 Wednesday.
“List assets out and [determine] which ones if they went away that would be a bad day” when deciding what to protect, Henry said. “And, ask how long can they go away for.”
That's the strategy at Toronto Hydro-Electric System, which, Robert Wong, chief information and risk officer, said has a “well-defined risk appetite statement” that clarifies just how much the company is willing to lose. “We have a threshold of how much we're willing to accept.”
Because the “C-suite is all about accountability,” Wong said his team “appeals to each of our executives who have ownership and accountability.”
The board, he said, requires “a different conversation” since it provides fiduciary oversight but no operational input. “They are noses in, fingers out,” he said.
Boards often don't have the expertise to address technology questions, said David Foote, chief analyst at Foote Partners. They're typically populated by “very powerful, respected” members, “people who have trouble asking stupid questions.”
But with a couple of technical people on deck, the board can obtain the insight it needs to answer a set of very important questions that Foote said include how technology will change the face of competition in a company's industry, what it would take “to exceed customer expectations in a digitally connected world” and who's accountable as well as how they're being held accountable.