On the panel with Jack Whitsitt:
>>Cedric De Carvalho, Head of Group Cyber Risk & Advisory, Richemont Group
>>Tom Callaghan, Co-Founder, C-Risk
Watch the panel on communicating cyber risk to the board and senior management.
A FAIR Institute Contributing Membership is required to view. Join now!
Some key bits of advice from the panel:
>>”The storytelling for me always starts with visibility,” said Cedric. Establish current loss exposure before moving to risk scenarios.
>>”Tune the story to the business and the board,” said Tom. “Sometimes we forget how much we know about this and how little executives understand.” One way to bridge that gap: Find key risk indicators that align with the business.
>>Any report you present should be “clear with no interpretation” required, said Cedric. At the same time “don’t babysit the board” and oversimplify.
>>Keep in your back pocket reporting that is much more extensive. “We have one report we present and one that goes very deep,” said Cedric. Tom added, “They’re not going to consume huge amounts of detail, but if the detail isn’t there you’re not going to have a credible presentation.”
>>Always “explain what you want out of the conversation,” Tom said. “If there is a decision to be made, try to articulate what that is.”
Get more tips on communicating about risk-based decision-making: Watch the video of the panel discussion. A FAIR Institute Contributing Membership is required.