Skip to main content

The CISO’s guide to creating an effective ransomware board report

Get practical tips on how to brief your board on cybersecurity risk

Ransomware is a key agenda item in the boardroom. CISOs are expected to report on their organisation’s ability to respond to and recover from a ransomware attack, but can board members trust the information they’re being given?

Our latest research involving 1,200 security leaders reveals that while 91% are reporting to their board on ransomware protection levels, just 33% of CISOs are “very satisfied” with the time, resource, accuracy and detail of their ransomware board reporting.

The research also reveals that:

  • 86% of security leaders said ransomware mitigation is a budgeted priority in 2021 and 2022.
  • 86% said they’d be willing to prove the strength of their cybersecurity programme to insurers with data-driven metrics in the next two years, if it led to a reduced premium.

Download our new guide for insight on how CISOs can create accurate cybersecurity board reports that build confidence in their organisation’s security posture and ability to mitigate a ransomware attack.

Download report

What you’ll learn about cybersecurity board reporting

Alongside the findings from our research, it includes interviews with Andrew Jaquith and David Fairman, who are both experienced Fortune 500 CISOs and board members. They share their experiences of reporting cybersecurity to the board, including eight questions that CISOs need to prepare for when going into a board meeting.

The guide explains:

  • Why CISOs need to consider their own objectives when reporting to the board.
  • The importance of educating board members on cybersecurity risk.
  • How to put cybersecurity in a business context.
  • How to improve data quality and efficiency through automation.


Andrew Jaquith is a cybersecurity and risk executive, with experience in successful startups and global Fortune 100 environments. He previously managed a broad range of technology risk at Goldman Sachs and JP Morgan Chase, and is author of Security Metrics: Replacing Fear, Uncertainty and Doubt.

David Fairman is an experienced CSO/CISO, board member, investor and coach. He’s worked and consulted for large financial institutions and Fortune 500 companies. David has been actively involved in founding several industry alliances and expert groups across multiple regions.