Communicating about security: always a difficult exercise

The diversity of audiences within organizations does not make it easy for CISOs to communicate about their initiatives. Last December, a study by Dimensional Research for CyberArk underlined it again: more than half of leaders make their decisions without taking cybersecurity into account. And for good reason: more than a third of them are not regularly informed by the teams in charge of the subject. In fact, according to a study by Goldsmiths, University of London, for Tanium and Nasdaq, a large majority of leaders simply seem to understand nothing about cybersecurity issues.

In an information note to its clients, Gartner notes that CISOs often find it difficult to communicate on their security initiatives or strategies “to different audiences, such as other executives, the board of directors, third-party companies or even their own staff”. This is because “high-level communications about information security can be inherently complicated.” Far from completely absolving CISOs, the firm believes that they also “tend to unintentionally create confusion or contestation” because of “messages too heavy” or involving “details inappropriate for most of the public.” In short, CISOs often seem to struggle to step far enough back from technical detail to deliver messages that can be heard.

To avoid this pitfall, Gartner recommends using the “Prediction, Prevention, Detection and Response (PPDR) structure as a method to bring clarity to the CISO’s strategic communications.” The firm explains that it uses this model to describe the strategy for the security of the information system, saying that it “resonates particularly with technical audiences and managers” because of its concise nature and because it “recalls to the public that security does not stop at prevention alone”. As the name suggests, this model covers the entire cycle of threat protection, from “proactive exposure assessment” to investigation and evidence analysis, prevention and control, and incident detection and containment.

For Gartner, this model can help to create “instant understanding and recognition,” but also “reduce complexity.” When using it, the firm recommends some form of marketing, relying on visual cues that “provide a psychological anchor to which you can attach ideas”, but also highlighting the “affinities” to win the attention of target audiences.

Above all, Gartner gives many practical examples and insists on the importance of brevity: “Too much detail tends to generate distraction and contestation. Specific details are easier to dissect and question than a hard-hitting story. In addition, virtually everyone you are trying to communicate with is crumbling under multiple priorities.”
