If your company works with mid-market and enterprise customers, chances are you will be asked to present at a board meeting. The CEOs of your client companies are the ultimate decision makers about technology investments. However, they are relying on your expert guidance. While their board members may not be well-versed in IT, they probably have a general idea of what to ask about based on reading news stories and spending time on other boards. For example, they have probably heard of Zero Trust Access by now. Here are a few key questions you should prepare to answer in any board meeting:
Question #1 – Are we vulnerable to cyber threats?
Cybersecurity is a top concern for executives, especially given remote work, the war in Ukraine and ongoing global unrest. Cybercriminals are increasingly exploiting remote access to breach the network and generate a substantial profit. The average price of network access information being sold in dark web forums is now nearly $10,000.1
So, while you may be tempted to go with the short answer which is always “Yes,” it’s better to have a thoughtful answer in the context of cyber risk. For example, you can say, “While the likelihood of a risk to your network is low, the impact of a cyberattack can be very high, which is why we continuously monitor your network and have deployed Zero Trust Network Access (ZTNA) solution.”
Question #2 – Should we be investing more in cybersecurity?
While it’s always tempting to say “yes,” keep in mind that your client’s CEO may have already committed their budget to other initiatives. However, you should have a list of three areas you would invest in if funds are available or if they can be approved in the next fiscal planning period. Always try to answer in terms of ROI. For example, you can say, “if we invest in SOC incident readiness services, we can realize this type of ROI over the next 12 months.”
Question #3 – Should we be using the same technology as Company X?
Board members may also ask about technologies that they hear about from competitors or from other boards they’re on. Avoid the urge to respond with a bunch of technical jargon and frame your responses in light of what they’re most concerned about – growing the business. For example, you can say, “It depends on whether or not you plan to expand your business through acquisition like Company X is doing. If that’s the case, we should consider implementing a cybersecurity mesh architecture.“
How you prepare for these questions can make or break the relationship you have with your clients. Spend the time crafting thoughtful business-focused responses that will solidify your standing as their trusted security advisor.
1. Jonathan Greig, “Hackers netting average of nearly $10,000 for stolen network access.” – ZDNet, August 10, 2022