If you rely on the CISO to educate the board, the board makes decisions based on the information they have. That’s a paraphrase from my CISO Series Podcast co-host, Andy Ellis (@csoandy), operating partner, YL Ventures. This is why it’s critical for the board to have their own high-level knowledge about cybersecurity, and not rely solely on what the CISO tells them.
“You need that third-party voice. You need someone who can bridge the gap between what the CISO is saying and what the board understands,” said John Masserini (@JohnJMasserini), senior advisor, TAG Cyber in our conversation.
The Board needs to know because as Masserini explained, “It really has pivoted from being that business-centric issue to where before it was just an IT issue.”
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor, Sumo Logic
