I’m asking CxOs that I monitor on Twitter to help me write a research doc on how to talk to your board of directors about cyber security. Please scroll down for the short version or read the full post/watch the video for the background on this project…
Since January of 2016, my colleagues and I have been conducting an active experiment to answer the following question:
Is there a more agile and cost effective way to perform business technology research than the established approaches used by leading analyst organizations such as Gartner, Forrester and IDC?
My business partner John Furrier and I, along with David Floyer and other members of our research organizations have been working on this problem for several years. Recently Peter Burris joined SiliconANGLE Media to head its research organization and he and I, along with our colleagues have been acting on this challenge. It’s something we feel qualified to address with our backgrounds running large analyst teams at companies like IDC, Meta Group and Forrester. We’ve come to several conclusions:
- The Field is Crowded. The world doesn’t need another analyst firm peddling insights about technology. There’s plenty of information about what technology is and how it works and tons of smart analyst who write on these topics. The likes of Gartner do a very good job at this and there’s not much game-changing value we can add. Rather, we think focusing on business impacts is an area where gaps exists in today’s technology research business.
- Being the SPitR (Smartest Person in the Room) is Increasingly Less Attractive as an Analyst Model. A community of “Do-ers” has more collective knowledge than a room full of analysts. We believe that tapping the expertise of individuals applying technology to create business capabilities is a powerful model that is highly disruptive to established analyst / research approaches.
- Social Media and Big Data are Changing the Game. Data-driven technologies and processes are enabling new forms of communication and collaboration that can be harnessed to create high quality research in less time than traditional models.
- It’s all About Digital Actions. Every company we work with, whether an airline, bank, manufacturer, service company or technology supplier, is trying to create digital interactions. They’re doing this often with content that can be shared, embedded and distributed in digital form.
- “Open Source” and Digital go Hand in Glove. In the world of digital content, having the ability to easily and freely copy, share, embed, distribute, translate and utilize assets in any manner, with zero friction, is fundamental to success.
With these fundamental assumptions as a backdrop, we’re setting out to dramatically change the content/media space generally and the analyst business specifically. To that end our engineering and research teams have been working on some experimental tools and new processes to radically compress the time it takes to build high-quality research.
In early March, we began to deploy our sandbox toys to establish a group of “Digital Do-ers” at the CxO level. With this tooling, we’re able to quickly identify, monitor and engage with the most influential people on Twitter, within a specific context (in this case the Digital CxO). This process has created an active and credible practitioner group using social media to communicate and share ideas. I’ve watched as these individuals have focused on important topics like cyber security, the state of education in our society, new technology delivery, new operational models, the impact of IoT, the evolving role of women in tech and how to deal with the data scientist shortage.
As we begin to implement these new processes and tools, it creates the following business value for our community:
- You get more, higher quality research and answers sooner, derived from real world practitioner input
- It’s not only faster but costs are lower, which we can pass on to clients and/or invest in new innovation (yes, we actually want to lower your costs)
- Friction-free…once you acquire a digital asset, we believe you should be able to freely use it any way you want – without permissions.
What are the Goals of this Effort?
Straight Talk with your Board about Cyber Security
The goal is simple but at the same time ambitious: To collaborate with community leaders to build digital content that can create meaningful organizational value and lead to constructive change.
The first topic I’m tackling is: How to Talk to Your Board of Directors about Cyber Security
Here’s the premise:
CxOs generally have two choices when discussing cyber security with their boards: 1) Convey that all is under control and hope nothing bad happens or 2) Proactively approach the board and have transparent conversations about how to limit the damage and form appropriate responses if (and when) an event happens. Many CxOs are ready to have the conversation with the board that says we’re hoping for the best but planning for the worst. Specifically: “assume we’re going to get compromised. We need to put a plan in place on how to respond when it happens and I can lead that process.”
The outcome of this initiative is a research document, derived by tapping the insights of CxOs that can help executives understand the best approaches to communicating to their boards about cyber security. We hope to answer the following ten questions, broken into three main parts:
Part I – Kicking off the conversation:
- What does the board need to know about cyber security?
- How can cyber risks be credibly quantified in a manner that the board will understand?
- What should absolutely be in the conversation and what is definitely out of scope?
Part II – How should we structure a response plan?
- Who in the organization should I tap to help me create my response plan?
- What business outcome expectations should be set?
- What guidelines should be used when establishing a framework for responding to a cyber attack?
- What should be in my response plan checklist?
Part III – How to Sustain the Conversation:
- What does a response plan maturity model (aka plan journey) look like and how can I determine where I am on the curve? (note – this is not a cyber readiness maturity model, rather it’s a communications maturity model)
- How should I think about and communicate the ongoing costs of improvement?
- Continuous information flow…What are the best sources of information and resources about cyber security that I should investigate to evolve this discussion
I’ve reached out to you directly on Twitter because I’ve been observing your activity in the CxO community that I’ve created. I’m impressed with your background and knowledge and feel as though you can make a significant contribution to this research.
I’m asking that you participate in a CrowdChat to directly answer these ten questions on communicating to the board about cyber security. A CrowdChat is a Twitter Chat but better — you’ll see (if you choose to participate). A CrowdChat can be scheduled at a (hopefully) convenient time for you and will last one hour; but I’ll leave it open so you can comment at a time you choose.
Why Bother? What’s in it for you?
Four (4) things:
- You’ll be contributing to new value creation for your peer community, sharing your knowledge as a key input to a new type of research process.
- You will be directly participating, through your social activity, in the disruption of one of the most entrenched businesses on the planet – the technology analyst business.
- You will be recognized and specifically attributed as a CxO thought leader in the research document.
- Of course, you will receive a copy of the research with the right to use it in any way you see fit.
Tweet or DM me – @dvellante – and let me know if you’re interested and I’ll take it from there.