In an age when cyber-attacks are a daily occurrence, senior leadership teams and policymakers want assurances that their cyber security programs are doing what is required to defend their organization. Cyber risk is critical for Local Governments to understand, especially for top elected or appointed officials. Cyber risk is the responsibility of elected or appointed officials not IT. According to ICMA top officials are not engaged in cybersecurity, not sufficiently informed or committed to cybersecurity. At the same time, IT and security teams are struggling to quantify cyber risk or find effective strategies for communicating that risk to leadership in a way that clearly communicates the reality of the risk an organization is accepting.
In this presentation, we will share lessons learned from research into cyber risk management and experiences communicating with elected and appointed officials. We will present specific strategies to consider when measuring risk, communicating risk, and helping IT or cybersecurity teams realistically set expectations with stakeholders.
