In the heat of the night
- Gary Hinson
- Jan 30

During a serious cybersecurity incident such as a ransomware attack, the boardroom becomes a pressure cooker. Execs need to know, urgently, liabilities and timelines from the CISO who is presently roasting over hot coals.
Meanwhile ...
The IT, incident response and cybersecurity teams are up to their [eye]balls in escalation procedures, web services, backups and forensics.
The lawyers in Legal are figuring out precisely how much to disclose to the authorities and stock markets, when and in what specific terms.
Public Relations can't figure out why their holding message templates are presently unavailable, and can't remember if any of them cover the present situation anyway.
Marketing desperately fears the brand erosion once the details become public knowledge.
Customer Services are bracing for impact ...
The few managers who even recall attending a risk workshop 18 months ago simply don't care about "MTTR", still have no idea what "RPO" means and are rapidly coming to the realisation that the "BCP" was optimistic in the extreme.
Nobody has actually read the Incident Management Policy lately, let alone noticed that the call centre which was supposed to be 'orchestrating' things (whatever that means) was substantially replaced by a chatbot last year.
Workers in Operations are left wondering how on earth they are supposed to continue working when the network is down and management are either huddled in meeting rooms or running about like headless chickens. On speed.
There are so many cybersecurity-relevant business and technology activities to coordinate and align in any corporation that little points of disagreement and misunderstanding inevitably accumulate, remaining largely unrecognised until they simply can’t be ignored any longer. Friction builds in the gaps between definitions and comprehension. The heat builds until flames erupt.
If one person’s "risk" is another’s "exposure," it’s no surprise when strategies and tactics stumble on the cracks.
Staff, management, customers, suppliers, authorities and owners all have subtly or markedly different understandings of cyber risk, security, governance and compliance – distinct requirements, conflicting priorities, unsatisfied goals.
Bottom line: language is crucial in any field as technical as cybersecurity. Comprehension is critical. Clarity, essential.
The Cybersecurity Hyperglossary is your plain English guide, getting everyone on the same page. Avoid getting lost in translation by speaking the same language. Pre-order today.



