No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

Why Data Privacy and Cybersecurity Must Be at the Top of CEOs’ Communications Agendas

Infosec issues are moving from the backroom to the boardroom

by FTI Consulting
September 26, 2023
in Cybersecurity, Data Privacy
ceo speaking concept

The scope of a CEO’s job is wide, to be sure, but as data privacy and cybersecurity continue to come to the fore, a group of experts from FTI Consulting argue: Top leaders need to make talking about infosec one of their biggest priorities.

Jamie Singer, Alexandra Priola, Kelly Miller, James Condon and Clare Marshall co-authored this article.

It is a massive understatement to say that CEOs have a lot on their plates. From inflationary pressures to ESG issues to talent retention, the list is long. Perhaps, unexpectedly, another topic rising to the top of the CEO public communications agenda is cybersecurity and data privacy.

According to FTI Consulting’s recent “2023 CEO Leadership Redefined” report, 73% of investors and 63% of employees want to see CEOs engage publicly on the topic of data privacy. Notably, data privacy ranks ahead of other critical issues, such as supply chain disruptions and bringing manufacturing jobs back to the U.S. The issue of cybersecurity also rises to the top of this list, with 58% employees agreeing CEOs should publicly engage on cybersecurity issues.

It is with good reason these issues should be top of mind for members of the C-suite. Today, organizations face privacy issues of all kinds — misuse of online tracking technologies, reputational damage from an incident targeting personally identifiable information, new SEC regulation requiring reporting of cybersecurity incidents by publicly traded companies, changing consumer sentiment on the way personal data is handled and more.

On the cybersecurity front, the threat landscape continues to evolve and intensify. Ransomware incidents still plague organizations; according to IBM’s “Cost of a Data Breach” report, the average cost of a ransomware attack in 2023 is more than $5 million, a 13% increase from last year. Moreover, recent third-party incidents targeting service providers in the file transfer industry are having significant downstream effects on organizations large and small.

At the same time, not all CEOs may be fully prepared or equipped to speak effectively on these issues. According to results from FTI Consulting’s proprietary survey used to develop the 2023 “CEO Leadership Redefined” report, when CEOs do speak out on data privacy and cybersecurity issues, only half of employees “approve” of the way CEOs address these topics.

Here are some key considerations to enable CEOs to address this communications gap:

1. Develop a clear privacy narrative.

Before CEOs can communicate effectively on these topics, it is important to have a clear privacy narrative that outlines the organization’s priorities, initiatives and proof points in the areas of data security and privacy. This privacy narrative should draw a clear connection to the organization’s vision, purpose and values. By establishing and communicating a privacy narrative to stakeholders — in a way that is familiar and consistent — and before a data privacy or cybersecurity crisis occurs, CEOs can help to store reputational credits in the bank.

illustration representing sec cybersecurity rules
Cybersecurity

Everything You Need to Know About the SEC’s New Cybersecurity Rules

by David Lynn
September 6, 2023

Following the release of much-anticipated cybersecurity reporting guidelines for public companies, questions may persist about specifics of the new rules. Attorney David M. Lynn of Morrison & Foerster dives into all the details.

Read moreDetails

2. Participate in cybersecurity and data privacy communications training.

While they are not expected to be technical experts, CEOs do need to speak credibly at a high level to their companies’ data privacy and cybersecurity programs. Whether with employees, customers or investors, CEOs must have their talking points at the ready to provide assurance and demonstrate security readiness. According to our proprietary research, investors are also paying close attention to these topics; about three-quarters agree CEOs should speak out on data privacy and cybersecurity. Executive-level communications and messaging trainings and workshops are key to bolstering CEOs’ comfort with these topics.

3. Establish strong internal relationships with privacy and infosec leaders.

Key to a CEO’s ability to communicate effectively on these topics is having strong internal relationships with the privacy office, CISO and other infosec leaders who can help to translate technical topics into C-suite speak. In fact, an FTI Consulting survey from 2022 found that 79%of CISOs feel heightened scrutiny from senior leadership and 58% revealed a struggle to articulate technical information and effectively communicate cyber risk in a manner that the board and senior leadership can understand. Privacy officers can face equally complex issues and risks to articulate. Clear alignment with internal experts helps to validate the content with all stakeholders while also elevating this topic onto the organization’s main stage. Convene these leaders regularly and with intention to tackle some of these trickier topics.

4. Make data privacy and cybersecurity about more than just training for employees: Incorporate it into relevant experiences.

Greater awareness and understanding around important topics like these have a positive correlation to compliance, advocacy and action among employees. To help build connectivity among employees, it should be spotlighted in trainings but also woven into dialogue opportunities, town hall meetings, as well as experiences like onboarding and even rewards and recognition. And our proprietary research revealed employees are asking to hear more from their CEOs on data privacy and cybersecurity, demonstrating a growing interest and desire to learn and be involved. Organizations that seize on this captive audience can embed data privacy and cybersecurity into the fabric of their culture, helping to mitigate further risks.

5. Invest in data privacy and cybersecurity crisis preparedness.

The data privacy and cybersecurity landscape is constantly changing. This requires companies to assess and address new risks, manage and mitigate challenges as they occur, and build preparedness and resiliency into systems and culture. Organizations need a comprehensive data privacy program and crisis response plan that facilitates diligent, forward thinking privacy governance, scenario planning, communications strategy and tabletop exercises to stay ahead of the ever-evolving threat environment.

Data privacy and cybersecurity have moved from the backroom to the boardroom. CEOs must emerge from the shadows to be front-facing on these issues with employees, investors and other stakeholders.


Tags: Data GovernanceTone at the Top
Previous Post

Wave of State Data Protection Laws Is a Gathering Compliance Nightmare

Next Post

Can We Talk About Silence From Employers in the Job-Hunting Process?

FTI Consulting

FTI Consulting

Related Posts

doj building sign with flags

‘Reasonable Steps’: What the DOJ Expects From Your Bulk Data Transfer Compliance Program

by Alexandra P. Moylan, Alisa L. Chestler and Michael J. Halaiko
May 5, 2025

Sample provisions offer blueprint for compliant data brokerage with foreign entities

data security program concept cameras

Your Sensitive Data Is Now a National Security Matter: The DOJ’s New Data Security Program

by Randall Cook, Vince Mekles and Rachel Woloszynski
April 29, 2025

90-day implementation window closing on regulations affecting companies with genomic, biometric, health and other personal information

farm silos

Siloed Thinking, Scattered Compliance: The Leadership Challenge in GRC

by Anna Muzalska
April 7, 2025

Strong leadership and integrated communication prove as critical to compliance success as policies and procedures alone

Electronic Evidence Collection for eDiscovery and Compliance

Electronic Evidence Collection for eDiscovery and Compliance

by Corporate Compliance Insights
March 30, 2025

Are you prepared to manage modern data sources in your compliance program? Whitepaper Electronic Evidence Collection for eDiscovery and Compliance...

Next Post
silence concept

Can We Talk About Silence From Employers in the Job-Hunting Process?

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights