CISOs have a daunting task: They must not only manage IT security and investment, but also effectively communicate current cyber risk information and actionable strategies to the C-suite on a regular basis.

According to SecurityWeek, CISO longevity may now also be at risk because these tasks aren’t getting done. Approximately 59 percent of surveyed board members said that CISOs “will lose their jobs as a result of failing to provide useful, actionable information.” How do CISOs make sure they’re safeguarding company assets and translating this data into meaningful C-suite insight?

In the Know With Cyber Risk Information

With cyber risk now a top priority for organizations, 89 percent of board members say they’re “very involved” in making security decisions, with 74 percent receiving weekly risk updates, SecurityWeek reported. While CISOs are doing a better job of communicating the basics — 70 percent of executives understand what security pros are trying to get across — more than half still feel the information offered is too technical. IT experts, meanwhile, believe only 30 percent of those on the board are actually getting the message.

Not surprisingly, this leads to a disconnect regarding actionable information. While 97 percent of C-suite members believe they know what to do with cyber risk information, just 40 percent of security professionals say this information is actionable. In other words, both sides want the same thing — clear, timely, insightful data — but can’t agree on what it should look like or how it should be presented.

There’s bad news for CISOs, however: If boards don’t like the method, medium or message, the result may be a pink slip. Beyond lost employment and the hunt for a new security executive, however, this disconnect has a real-world impact on high-value initiatives such as big data projects. As noted by Infosecurity Magazine, 73 percent of these projects are put on hold because of “worrisome” security concerns.

Finding Balance

So what’s the root of the problem? Are CISOs simply unwilling to communicate in a way that satisfies board members? Or are C-suites too demanding when it comes to actionable cyber risk information?

Chances are the truth lies somewhere in between. According to CSO Online, for example, successful CISOs must fulfill four roles: the strategist, the adviser, the guardian and the technologist.

While they spend 77 percent of their time as tech experts and data defenders, many want to shift the balance and spend just 35 percent of their time in these roles. This would leave more room to develop new security initiatives and effectively communicate them to management.

Part of that shift relies on movement from the CISO, but the C-suite also plays a critical role. Right now, security budgets are often tied to the quality of security presentations. If risk isn’t articulated as desired or threats aren’t seen as dangerous enough, budgets are frozen or slashed. But with cyberattacks and malware on the rise, the suggestion that corporate networks are safe is ludicrous.

Constant vigilance and continuous improvement are necessary to protect critical assets. It’s important for C-suites to trust the judgment of CISOs — even if presentations fall flat. By giving them what they need to shore up defenses, security executives can spend more time developing and communicating new strategies instead of fighting IT fires.

Put simply, talk trumps termination. CISOs are under more pressure than ever to deliver actionable, insightful content at board meetings. Rather than showing them the door, however, it’s worth giving them room to work.