“On my best days, I remember that the people I’m working with don’t care about what I’m doing.”
I made note of that striking comment while attending PwC’s Trust Leadership Institute Academy, held in Washington, D.C., earlier this week. The unusual self-assessment was extra surprising considering its source: Sue Gordon, the former U.S. deputy director of national intelligence who spent nearly three decades rising through the CIA’s ranks. Gordon now consults for large companies and organizations, and you would assume that the CEOs and boards who hire her would care about what she’s doing for them.
But the former top spy was making a point about how cyber experts communicate with executives and directors. Too often, companies merely seek updates from their data security chiefs, who show up and drown their audience in tech talk. What corporate leaders and executives actually care about is how cyber protection measures will impact their work and how they can use security tools. She says the best approach at board meetings is for company directors to ask their tech team questions: How can we help? What are your concerns? What are your risks?
Companies are most equipped to foresee and deal with cyber threats when internal communication about security runs deep and becomes a meaningful discourse. The same is true for governments. “Do you think we could have anticipated Russian interference in the 2016 election if the tech people and the geopolitics people had been talking to each other?” she mused.
Gordon also offered general cybersecurity tips. Take advantage of ransomware simulations so you can grapple with the decisions that must be made in a crisis before you’re in one, she advised. Do all the basics, like deploying two-factor authentication whenever it’s available. (“Cyber criminals won’t attack fortified companies. They’re really lazy,” she said.) And keep running routine phishing drills, which help create a culture that says data security is everyone’s burden.
Lila MacLellan