1.0 - Introduction
Talking to the Board and/or the Senior Management Team about cybersecurity is a great opportunity to align cybersecurity priorities with business objectives. If leadership are not fully informed about potential risks, they can't make the critical decisions that only they can make.
Expanding into a new region? Great - but you had better consider the compliance obligations that come with it.
Bidding for a major contract that will give you financial security over the next 5 years? Amazing - don't screw it up by failing the customer's cybersecurity due diligence.
Got stringent SLAs to meet, where downtime could cost you significant financial loss? Better make sure your IT business continuity and disaster recovery (BCDR) plans are robust and aligned to those requirements!
Often, leadership are blissfully unaware of the reality on the ground when it comes to the organisation's cybersecurity posture - particularly its ability to respond to an incident and recover quickly.
With HighGround, you can present clear, data-driven insights to the board, pinpoint how these translate into business risk, report effectively on an ongoing basis and, finally, work in partnership with them to achieve the organisation's goals.
2.0 - Performing Effective Cyber Reviews with the Board
When performing a cybersecurity review with the board or senior management team, it’s important to strike the right balance between technical details, strategic insights and business risk. Here’s how:
Do . . .
Be relevant: Instead of diving deep into technical jargon, translate cybersecurity metrics into business terms. For example, explain how a security measure will prevent potential loss or how it supports a specific compliance obligation. The key here is to be specific.
Make it visual: Data and metrics are important, but they should be presented in a digestible format. Infographics, dashboards, and summaries can help convey key points effectively.
Give examples: Highlight relevant incidents, either within your organization or from industry peers, to illustrate potential threats and the effectiveness of your cybersecurity strategies.
Use simple language: The biggest turn-off for a business leader is tech-talk. Talk to them in plain language, keeping it simple and easy to understand. If you start using jargon and acronyms, you'll lose them quickly.
Ask for what you want: Business leaders are busy - they don't have time to figure out what you want - so be very clear on your recommendations and what it is that you are asking for. Include costs, timescales and expected business disruption.
Don't . . .
Use acronyms: alphabet soup is the fastest way to lose your audience and undermine your efforts to get the board engaged in the organisation's cybersecurity.
Try to impress: you're not there to impress them with your wealth of knowledge or experience - you're there to help them make decisions - stay focussed on that outcome, and they will be impressed anyway!
Protect them: you can't sugar-coat it, nor should you try. Sooner or later they will learn the truth, and you'll take the fall for it. It starts with being honest and realistic - only from there can progress truly be made.
Use FUD: using fear, uncertainty and doubt (FUD) can backfire badly with the board. The media does a good enough job of peddling cyber fear. You are there to empower them to make decisions, not to make them feel they've already lost the battle before they begin.
Educate them: sure, you can explain concepts to them, but don't go in with an agenda to educate your audience like students in a classroom. Be respectful in how you explain concepts, ensuring you don't come across as patronising.
By making sure your cyber reviews with the board are effective, and that they actually happen, you will see several benefits, including:
Enhanced Security Posture: Keeping cybersecurity top of mind for leadership ensures that security initiatives receive the attention and resources they need.
Improved Decision-Making: A well-informed board can make better decisions regarding risk management and resource allocation.
Regulatory Assurance: Regular reviews demonstrate due diligence, which can be crucial during audits or regulatory assessments.
Strengthened Organizational Resilience: By preparing the board for potential cybersecurity incidents, you contribute to a more resilient and agile organization.
3.0 - Performing a Cyber Review in HighGround
Conducting your cyber reviews in HighGround is a breeze with the Governance & Resilience module. Just follow these simple steps:
Navigate to the 'Perform Cyber Review' Button: Head over to the Governance & Resilience module, click the 'Annual Cyber Review' tile and click on the 'Perform Cyber Review' button to get started.
Complete the Four Review Sections: The review is divided into four sections. Take your time to answer each section thoroughly and accurately to ensure a comprehensive assessment.
Finalize and Save Your Review: Once you’ve completed all sections, click 'Complete'. HighGround will automatically generate your review and save it under the Cyber Review tab, ready for you to revisit whenever needed.
By following these steps, you'll maintain a clear record of your cyber reviews, making it easy to track progress and provide valuable insights during your next board meeting or internal audit.
Note: At the bottom of each section you have the option to add your own questions.