How to talk about data security with your C-suite

When it comes to data security, what resonates with an executive is different from what resonates with someone on the technology side. When an IT professional and a C-level executive hear about a data breach, for example, their minds go to different places. The IT person wonders what happened, whether it was internal or external, and how she’ll go about fixing it. The C-level executive thinks, “How will this affect the business?”

Yet, it’s critical that C-level executives have insight into data security projects. After all, according to Verizon’s report on data breaches, the most common causes of a breach were miscellaneous errors (such as a file saved to the wrong location or an email that included an incorrect recipient) and deliberate data compromises by employees. With so many threats coming from within, C-level executives must have visibility into company data security in order to identify, understand and respond to risks.

Here are three tips for IT personnel to effectively approach their C-level executives about security.

1. Use business language.

Overwhelming business executives with technical jargon and stats is not the best way to get their attention. Of course, this means IT pros must speak the language of both business and IT. You can’t just give technical details of what happened and how to fix it. You have to articulate how and why security affects the business, and how you can minimize any damage.

2. Address specific pain points.

Be specific when you’re addressing the ways security affects the business. Do you work for a bank? Show that security helps the company operate and gives customers confidence, allowing the bank to continue to take money in and lend it out.

Do you work for a hospital? IT security is crucial to attracting patients – customers – and complying with strict privacy regulations while treating them. And, of course, treating patients is how hospitals ultimately bring in money.

3. Consider critical factors.

Before presenting the importance of security to C-level executives, weigh the factors that will inform their decisions. These include:

  • Integration opportunities and complexities: How does your proposed security measure work with your current systems? Where are potential pitfalls?
  • Hidden costs: Where could costs exceed expectations? Where are there potential cost savings?
  • Team buy-in: Are the necessary teams on board with the decision?
  • Perception: How will the decision be perceived both inside and outside the organization?
  • Training: How much and what kind of training will people need to make the most of any new technology?

Speaking in the language of business isn’t necessarily natural for many in IT, but it is a critical skill when bringing any security project or purchase to C-level executives. By using these three tips and speaking the language of business, you can help your C-level executives better understand the data security issues you’re facing, making your company more secure – and ultimately more profitable.

Tomorrow’s IT pro needs to know how to talk to the C-suite. Learn the other skills you’ll need to guide your company on security, business strategy and more.

 

Andrew Hay


With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.