Unhinged insights: How to visualise security data to business stakeholders with pretty pictures

How do you translate tech talk to business executives? - Using effective visualisations that clearly demonstrate your message backed up with hard data.

Cybersecurity has transitioned from obscurity to prominence, no longer just techs in t-shirts and hoodies, but boardroom executives trying to grapple with zero trust and defence-in-depth. However, despite this heightened awareness, the challenge persists in articulating the significance and relevance of cybersecurity efforts to the diverse non-IT audience. This presentation delves into the complex task of communicating cyber data in a clear, compelling manner. With insights gleaned from years of collaboration with various organisations, executives, and cyber teams, this session presents strategies for conveying cyber data to business decision-makers.

Key questions explored include:

• identifying what data and metrics are essential, discerning between operational, tactical, and strategic data,
• aligning data visualisation with diverse needs of business users differentiating between various executives and middle managers
• methods of organisational assessments: from compliance, through assessments of security process capability maturity, to risk-based assessment of business processes
• types of visualisations and their applicability with business users including dashboards, applications, presentations, verbal, and written reports
• place of non-cyber specialists in preparation of cyber data visualisations

Some of the explored insights about the questions above are:

1. Data Essentials: This presentation underscores the importance of determining which data is pivotal for each of the decision-maker, how this data will be used, and for what purpose. By delineating between operational, tactical, and strategic data, attendees will gain insights into approach to selecting pertinent metrics tailored to specific business users.
2. Tailored Visualisation: Recognising the unique aims and perspectives of different stakeholders, the presentation advocates for customised data presentation for different audiences from executives to various middle managers.
3. Beyond Traditional Metrics: While conventional cyber metrics tend to focus on operational or tactical data, the presentation promotes for a broader outlook that encompasses business and technological processes. Presentation delves into different approaches of assessing cyber value, including compliance metrics, cyber maturity assessments, risk-based methods, and maps each approach to different types of organisations.
4. Collaborative Design: Acknowledging the limitations of dashboards that are provided by existing off the shelf products, the session highlights the pivotal role of business analysts and designers in crafting purpose-driven visualisations. Moving beyond generic templates and widgets, tailoring visual elements to specific user tasks and objectives results in greater value and improved feedback.

This presentation promises to equip attendees with practical strategies and insights to transform cyber data communication within their organisations. By adopting a nuanced approach to data visualisation and leveraging insights from diverse stakeholder perspectives, attendees will be empowered to bridge the gap between cybersecurity initiatives and overarching business goals.