How to Report Cybersecurity to the Board: Risk Metrics, Engagement, & Best Practices
Clear, engaging, and risk-focused cybersecurity reporting is more important than ever for banks and credit unions. In this panel, Taylor Wells hosts Lucas Hathaway (CRO @ Rivial Security) and Randy Lindbergh (CEO @ Rivial Security) for a lively, actionable discussion on effectively reporting cybersecurity to the board. They share insights on which metrics matter, why you should move beyond “high/medium/low” risk, how to keep reports digestible for non-technical board members, tips for auditor compliance, and practical ways to build board engagement. Whether you’re revamping your board reports or just want to ensure you’re communicating effectively, you’ll walk away with real strategies and plenty of examples. Timestamps: 00:00 – Intro, holiday vibes, and birthday surprise 02:04 – Panelist introductions & roles 03:49 – Why cybersecurity reporting to the board actually matters 06:03 – What and how much to report: Understand your audience 09:10 – Ideal board report length and frequency 11:03 – Balancing technical audit needs with board communication 13:00 – Guiding & training your board for better engagement 15:26 – Brevity vs. depth: One-pagers & risk narratives 17:32 – Top 3-5 cybersecurity metrics the board cares about most 22:44 – Real-world impacts: How reporting approaches change board relationships 24:14 – Consistency vs. variety: Should you have different report types? 26:43 – Aligning with FDIC, NCUA, and examiner requirements 28:34 – Why “high, medium, low” risk no longer cuts it 31:05 – How to express cyber risk in financial terms 36:33 – Overcoming cultural resistance to quantitative reporting 40:06 – Getting and coordinating the data you need 44:02 – Framing cybersecurity spend as ROI for the board 49:49 – Comparing your organization to peers—and why context matters 54:04 – Most common mistakes in board reports & dashboards 56:58 – Connect security controls to business impact 59:08 – Wrap up, meeting link, and goodbye Tags: cybersecurity, board reporting, risk management, credit unions, banks, financial institutions, board of directors, executive communication, cybersecurity metrics, risk quantification, regulatory compliance, FDIC, NCUA, Rivial Security, cybersecurity best practices, CISO, risk reporting, cyber risk, information security, board engagement, executive dashboard

Meet the Former CIA Agent Who Wants to Abolish the CIA

How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025

Violence Expert: Real Self-Defense Is TERRIFYING

Zero-Click Attacks: AI Agents and the Next Cybersecurity Challenge

She Asks if I Know Coldplay and This Singer Shocks The Street

Catholic Mass 101: Learn Every Part of the Mass and What It Means (w/ Fr. Mike Schmitz)

How to Pick the Right vCISO (and Spot the Wrong One)

ACLS Drugs Review with Nurse Eunice 📚💉

NIST Cybersecurity Framework Explained

The Rising Cost of Dissent in America | Miles Taylor | TED

The State of War and Diplomacy: Iran, Lebanon, and Gaza | Ep. 65

How To Think SO Clearly People Assume You're Brilliant

How to Master Third Party Cybersecurity Reviews: Practical Steps for Financial Institutions

How to Rewire Your Brain & Learn Faster | Dr. Michael Kilgard

Spine Surgeon Drowns for 30 Minutes —Comes Back With a List

CISO in the Boardroom: Mock Presentation + 3 Tips for Success
![RAMBLEMAN: Into The Ramblezone 🌀 [990]](https://i.ytimg.com/vi/CQqrZtzRWCo/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLB9GmUKxHqi-HgWqMsXQntDCbf8yg)
RAMBLEMAN: Into The Ramblezone 🌀 [990]

What do tech pioneers think about the AI revolution? - The Engineers, BBC World Service

Amazon goes for the quick commerce pie | India’s financial rules are evolving | The Daily Brief #500

