Keith Turpin, CISO of Universal Weather & Aviation, suggested also looking at other breaches and how they affected businesses, then showing how those situations could shake out at your company. "It's a risk analysis," he said. However, he cautions CIOs to not protect everything the same way. "You'll run a resource exhaustion game."
Make Security Palatable for Business Leaders
Outside of the boardroom, security updates for the C-suite and business leaders should be digestible so they can fit it into their busy schedules. Hart said creating a one-page report that takes five minutes to read is a way to get on the CEO's radar. "It's about building the relationship long-term," he said.
Oberlaender agreed, "Address past, present and future -- and make a case for the CEO. Get on his radar with a weekly report and education." He also said it's important to create a program that C-suite executives can follow and include clear policies for employees to abide by. "Your company will have a breach sooner or later," he said. "So educate your executives that you can do something about it."
Lastly, it's critical to involve the legal department, which, Sutton says, can never happen too early. "Please get legal folks involved early on before your data is on fire," he said. "Help us, help you."
Sign up for CIO Asia eNewsletters.