Cyber Means Business: Nick Kathmann on How CISOs Should Talk to the Board About Risk
Heller, Wednesday, April 22nd, 2026
CISOs should frame cybersecurity in business terms like risk appetite and strategic goals rather than technical jargon when communicating with boards.
Nick Kathmann, former CISO at LogicGate, argues that effective cybersecurity communication with boards requires translating technical metrics into business risk language that executives understand. CISOs should focus on the company's overall risk profile and how it aligns with board-defined risk appetite, avoiding common mistakes like staying too technical, exaggerating risks, or using industry jargon.
Security investments gain board support when tied directly to strategic initiatives, revenue opportunities, or business growth; credibility comes from connecting security programs to the organization's core objectives rather than presenting them as purely technical concerns.