
Communication between CISOs and C-suite lacking when it comes to cyber

While recent cyber crime spikes and increasing awareness have pushed cyber security to be a key concern for entire businesses, there is still a major communications disparity between C-suite executives and their cyber chiefs.

Daniel Croft
Tue, 16 Apr 2024

According to FTI Consulting’s CISO Redefined: Navigating C-Suite Perceptions & Expectations report, business leaders believe that their chief information security officers (CISOs) are lacking when it comes to communicating cyber risks and outcomes to senior executives.

The report’s findings come from a survey of almost 800 C-suite executives from seven sectors and nine countries, including Australia, where 103 of the survey respondents were based.

The survey found that C-suite executives have recognised the rising prominence of cyber threats, with 94 per cent of respondents saying they believe that cyber security issues have risen in the last 12 months. Additionally, the majority believe that cyber security is either a critical or high priority.


“It’s clear that executive leadership and CISOs both recognise the importance of cyber security risk, but more work needs to be done to ensure they understand each other,” said Meredith Griffanti, FTI Consulting’s global head of cyber security and data privacy communications.

However, despite the agreement on the importance of cyber security, C-suite executives have found that they aren’t quite on the same page as their CISOs in a multitude of ways.

For example, 32 per cent of Australian respondents believe that CISOs are too optimistic about the current situation and don’t portray reality in a dark enough light, while 33 per cent believe the exact opposite, that CISOs overly stress vulnerabilities. The report suggests that this is a result of CISOs overcomplicating these issues.

C-suite executives said they would also like to see their CISOs present at board meetings (37 per cent), build and manage external relationships (36 per cent), be better at translating technical jargon into business terms (36 per cent), and be equipped with methods to communicate and quantify cyber risks to company stakeholders (25 per cent).

“Security is a shared goal for these leaders, but what we found is that they’re communicating past each other,” added Griffanti.

“This hampers the CISO from making a compelling case for investment in certain parts of their cyber security program and also leaves business leaders in the dark about areas where the organisation is most vulnerable.”

According to the report, two in five Australian organisations (39 per cent) have plans to conduct assessments of cyber crisis preparedness and will hold simulations and tabletop exercises as part of these assessments.

“Effective communication plays a critical role in strengthening a company’s cyber security stance in a rapidly evolving environment,” said Ben Hamilton, senior managing director in FTI Consulting’s Australian strategic communications practice.

“Empowering CISOs with the necessary skills to effectively communicate cyber risk with senior leadership will ensure businesses are better able to understand the threats they face and allocate the right resources to maximise their cyber resiliency and preparedness.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
