Thursday 3 November 2022
Communicating effectively with our boards, to ensure they understand the implications and issues, is critical in minimising frustration about how risks to information assets are measured and mitigated. Until (and unless) more is done to improve such understanding and governance at the highest level, we can expect to see more high-profile breaches and casualties. Communication is essential to prove and enable strategic cybersecurity plans and objectives.
At previous SASIG meetings, we have identified that one of the most significant barriers between cybersecurity leaders and their boards of directors is a lack of meaningful understanding. Studies consistently reveal that boards are still struggling to get to grips with the cybersecurity challenge; they know it is a risk but are still uncertain about its scale and thus what to do about it. But by adapting the way we communicate and measuring the real-world success of risk management programmes effectively, boardrooms can better understand their current risk exposures, appreciate the best risk reduction for their investments, and help identify where resources can best be focused to reduce vulnerabilities and improve security.
At this event, we explored how to communicate more effectively with the board by speaking their language, and how to quantify cyber so that it is more digestible.
Presentations on the day included:
Closing keynote – Operation Stronghold: How one CISO made cyber the company’s #1 priority
Presented by Tammy Archer, CISO, Inchcape
Choosing the right metrics for the board
Presented by Jim Griffiths, CISO, Associated British Foods
Is security failing the board? And is the board failing security?
A panel session facilitated by Stuart Frost BEM, Head of Enterprise Security & Risk Management, Department for Work & Pensions
With Tree Hall, CEO, Charity IT Leaders
Bernadette Palmer, Security Awareness and Training Manager, Publicis Groupe
Jim Griffiths, CISO, Associated British Foods
Monopolising the board: How to win the support of the board in advancing your security stack
Presented by Elliott Went, Senior Systems Engineer, SentinelOne
Show me the money – A hitchhiker’s guide to quantifying cyber risk
Presented by Peter Hughes, Technical Director, Skybox Security
Communicating with the board
A panel session facilitated by Martin Smith MBE, Founder and Chairman, The SASIG
With Andreas Wuchner, Angel Investor, CybSafe
Gaynor Rich, Group Director (VP) Cybersecurity Compliance and Deputy CISO, BT
Dan Potter, Director of Operational Resilience, Immersive Labs
Dr Ola Michalec, Senior Research Associate, University of Bristol