IT Professionals Need Finance Knowledge for Convincing the Board Members

IT Professionals Need Finance Knowledge for Convincing the Board Members

Mr. J. Matthews’ who is working as a CIO Professional wrote an important article that was recently published on Forbes and the title was ‘how to talk to the board about cybersecurity’.

His 4 main topics are:

  • Lead with Resilience
  • Get on the Same Page
  • Make It About “When,” Not “If”
  • Underscore the Importance of Innovation

Let’s analyze these useful advises on cybersecurity issues and add our contribution on them.

  • IT Professionals should learn and use ‘business language’ to tell the things about cybersecurity to the board members. For example, instead of using ‘cyber risks’, they can explain the value which can be added to the business of the entity by ‘cybersecurity
  • IT Professionals should put themselves and prove it continuously being in a process developing on opportunity & risk management budget
  • It is very difficult to convince the board members only with ‘data breach prevention’. Detection, mitigation, and resilience precautions against cyber threats and showing to have advanced instruments for responding cyber-attacks and also recovering the effects of them can increase the profit of the entity. And, helping entity’s sustainable growing
  • In the daily entity-wide IT Operations focused on performance, which requires speed and agility. On the other hand, Security Operations focused on protecting critical assets and data. So, there is a contradiction amount their targets. For this reason, IT professionals should convince the board members of the entity on how these two different operations are supporting the Business Operations. The concentration should be on supporting profitability target of the entity with reliable operations, instead of repeating risk, danger, threats etc. words. IT professionals should prove to the board members that they are in the same page with
  • IT professionals need to prioritize innovation, adaptability, and resilience and communicate the importance of continuous innovation as a proactive defense mechanism with the board

They should develop innovative and proactive mechanisms as part of the entity and every time being ready to support the achievement of the strategical targets of the entity, instead of image of every time only demand budget for cybersecurity operations. Because of the difficulties to decide a proper budget on preventing continuously developing cyber-attacks methods (referring our article The Cyber Threats: How Much is Enough?)

Bülent Hasanefendioğlu – Head of Consultancy

Leave a Reply

Your email address will not be published. Required fields are marked *