Workforce Development

Effective C-Suite Communication for CISOs

Cyber-related discussions with your C-suite or board should take place long before an incident occurs. But with such a dense topic, how does a cybersecurity expert stop their audience’s eyes from glazing over and make sure that the message is heard and understood?

Here are three tips from Fortified Health Security’s 2024 Horizon Report that will help you foster a productive and engaging information exchange and empower your leadership team to effectively navigate you’re complexities of healthcare cybersecurity.

1. Drop the Jargon

You likely have a stronger technical background than many of the executive leaders and board members within your organization, and that’s ok—it’s your specialty.

Just remember, your presentation isn’t about showing how deep your knowledge is. It is about getting your message heard and understood so that you can move your priorities forward.

Keep technical jargon to only what is absolutely necessary to convey your point and focus on using common language and concepts (analogies, at times) that resonate with your leadership.

Simply put, put yourself in their shoes. Adopt a business-centric perspective, considering the financial implications and risks of both implementing and not implementing what you’re proposing.

2. Don’t go it alone

Everything is easier with (the right) help. Identify and connect with one or more of your executives who can help you bridge the gap between technical and business perspectives. This person likely has a technical background but has spent the past several years working at the executive level.

Partner with them to gather input on concepts, drafts, and outlines of your plans and presentations to help ensure your message and delivery will resonate with your C-suite and board.

Keep in mind that no one wants to feel like their time is being wasted. When you ask for their input, be mindful about incorporating it in a meaningful way.

And when it comes time to present your insights and recommendation, openly recognize their collaboration. Doing so will build the credibility of your perspective while providing deserved recognition for their input.

Not to mention, if there’s debate around your ideas, there’s a good chance your executive ally will defend your plan based on a feeling of shared ownership.

3.  Tell a story

Stories are not only more interesting to listen to, but they also tend to leave a stronger impression.

Whenever possible, share real-world stories and examples to illustrate the connections between cybersecurity exposure, a potential incident, operational disruptions, reputational damage and, ultimately, the resulting revenue loss.

If available, run models and show estimations specific to your organization. Or, if that’s not feasible, share real-world examples from similar organizations.

Additionally, it can also be impactful to show instances of when a CEO or other executives are spotlighted in the news. This can help make your narrative more relatable to your leadership team by allowing them to envision themselves in similar scenarios.

And while graphs can complement the story you’re telling, use them to reinforce your positions versus making them the focal point of your story.

Communication can be a leader’s largest challenge.

Effectively communicating with your healthcare organization’s executive team may be one of the most impactful things you can do as a healthcare cybersecurity leader.  It is also one of the most challenging.

For additional thoughts on how to communicate with executive leaders in healthcare, along with other topics such as legislative updates, AI risks in healthcare, and even effective tabletop exercises.