Wall Street & Technology is part of the Informa Tech Division of Informa PLC


Data Breaches: 8 Tips For Board-Level Discussions

Recent high-profile breaches put you in the board's spotlight on security. Here's how to shine.

With all the recent news of massive data spills and security breaches, corporate boards are asking tough questions of their executive management and, in turn, their information security teams. What did those companies do wrong? How does our company compare? Are we next?

Welcome to the hot seat. You have their attention. Now your job is to leverage this opportunity to garner their respect, deepen their trust, and increase their investment in a strategic information security program. It's going to be a difficult conversation. But the white-hot spotlight gives you a chance to shine.

So in this spirit, here are 8 ways to prepare for the conversation of a career:

Just say no to FUD. When trying to position information security on the executive agenda, many IT-security marketers use fear, uncertainty, and doubt to drive emotional decision-making and, they hope, purchasing. This approach is remarkably unreliable. Any social scientist will tell you that fear provokes three common human reactions: fight, flight, or freeze. When fear is our baseline emotional state, we are not particularly receptive and, worse, we are often incapable of parsing nuanced information. Simply put, we go into caveman mode. Thanks to events beyond your control, you already have their attention. So skip the FUD. Your job is to conduct a nuanced, information-rich discussion.

Know the stories. With such sensational media coverage, even my mother thinks she knows what caused the Target and Home Depot data breaches. But there is a story behind the headlines. There are trusted people within your network (e.g., analysts, security insiders) who are likely better informed about the chain of events. You want facts, not headlines. Take the time to do some research and be prepared to offer insights not found in the mainstream media.


Own your data. If your program is routinely audited by a credible third-party information security firm, you already know where the bodies are buried. Own it. No security program is perfect. Highlight your areas of concern. Be prepared to discuss why you're making certain tradeoffs. Be prepared for full disclosure. Show up with data in hand.

Avoid the blame game at all costs. No security program has infinite resources -- not even the NSA's. And if there were one, I guarantee the program would still be vulnerable. Security is about making tough resource choices all the time. If you have zero budget, you have zero budget. That's a fact. The fault is not the board's or the CEO's lack of vision. If you are the CIO or CISO, the failure lies with you, because up until now, you have been unable to sell them on the program's necessity. Accept all responsibility and move on. Any finger pointing, perceived or otherwise, will only serve to discredit you and your message.




E. Kelly Fitzsimmons is a well-known serial entrepreneur who has founded, led, and sold several technology startups. Currently, she is the co-founder and director of HarQen, named one of Gartner's 2013 Cool Vendors in Unified Communications and Network Systems and Services, ...