Lost in Translation: Cybersecurity Board Reporting for CISOs
TechTarget, Wednesday, June 3rd, 2026
CISOs struggle to convey cyber-risk to boards; Gartner advises using financial report structures.
At Gartner's 2026 Security and Risk Management Summit, analysts addressed how cybersecurity leaders can better communicate cyber-risk to corporate boards.
Nearly all CISOs now present to boards, up from 25% a decade ago, but their presentations often fail to resonate, and while 93% of board members recognize cyber-risk threatens shareholder value, executives and CISOs speak different languages.
Gartner recommends restructuring security reports using financial frameworks: balance sheets for current program state, income statements for business impact, cash flow statements for resource allocation, and narrative summaries.
Because finance is the lexicon of the board, this makes technical concepts accessible. Success shows in constructive feedback, better decisions, fewer confused questions, and more support for security investment.