Talking to the C-Suite About Cybersecurity

Increasingly, new laws and regulations are designed to help guide companies in structuring their cybersecurity strategies. For example, the U.S. Securities and Exchange Commission (SEC) has become very strict on what organizations have to report. The European Union General Data Protection Regulation (GDPR) and other regulations like the NIS 2 Directive-an EU legislative act that aims to compel a higher and common level of cybersecurity across all the organizations within the union-are driving structural changes in cybersecurity. Ultimately, it all boils down to adhering to the rules to protect organizations and, by extension, citizens from cybercriminals.

From an executive vantage point, the central questions to be addressed are: "Is my company safe? Is my IT organization doing a good job of protecting us? And, as a leader, am I making sure we're doing what is required by the SEC, or the EU government, or whoever else is creating the regulations?" In this post, we discuss how top-level managers of organizations can best navigate the intersection between their business needs and cybersecurity requirements.