As we mentioned in the introduction, an executive report is for the C-level executives and management to use in order to understand risks based on the risk assessment that was carried out (this includes vulnerability assessment and penetration testing). Since the C-level executives are busy people, the report should be as crisp as possible and contain all the information they need in order to make informed decisions. Let's take a look at the generic structure of an executive report.