Get your business units to pull help from security and not have security keep pushing improvements on them. The main thing is for the CEO to not just provide support and resources for the CISO but to actually change the dynamic by regularly expecting each business line executive or functional leader to be able to articulate at some appropriate leve

Explain that cybersecurity means more than data protection. In the Harvard Business Review article 7 Pressing Cybersecurity Questions Boards Need to Ask, authors Dr. Keri Pearlson and Nelson Novaes Neto wrote that many board members think cybersecurity is still about protecting data, which was true many years ago. However, now that digital process

The truth is that in today’s hyperconnected world, maturity-based cybersecurity programs are no longer adequate for combatting cyberrisks. A more strategic, risk-based approach is imperative for effective and efficient risk management (Exhibit 2).