Security leaders may find the kill chain useful when explaining cybersecurity to business stakeholders. However, they face a few challenges in doing so. For starters, security language can be impenetrable and even off-putting to non-practitioners. Executives also sometimes have difficulty viewing security as a business enabler because the security function must often implement security controls that could be seen as limiting innovation.
With cyber attacks only increasing in frequency and sophistication, it's essential for security leaders to effectively communicate with their colleagues about concepts such as the cyber kill chain and its business impacts. This way, they will have a far better chance of securing the funding that is required for a robust cybersecurity program.
According to TechTarget, a web-based firm that publishes technology-related resources, there are four effective ways to explain cybersecurity to executives. First, resist the temptation to get into the weeds and explain a complex security concept at the very beginning. Instead, take a storytelling approach in which you present the threats facing your business and explain how your cybersecurity strategy addresses them. Your story should focus first and foremost on existential threats that pose the most serious risks to your company.
Once your stakeholders have developed a comfort level with cybersecurity, it's appropriate to begin examining your organization's existing security controls in detail and determining whether they would stand up to regulatory scrutiny. In all your communications, take special care to link your security measures to business outcomes so that your audience is able to understand the business value of the investments you are proposing. That way, they will begin to see security as a business enabler rather than a cost center.