Now, let's think about this example in terms of cybersecurity.Your organization uses the NIST cybersecurity framework as a scoreboardto say, here's where we are in terms of our cyber maturity score.We think the attackers are currently ahead of us, and we need to increaseour maturity on these three important items before the end of the year.And if w

To improve decision making at this level, the metrics provided by the security team must be risk based and framed in a way that aligns with business drivers.

Both Easterly and Zhora emphasize the need for organizations to embrace cybersecurity as an enabler for confidently achieving business objectives. Zhora notes that forgoing expansion opportunities due to cyber risks can sometimes pose greater existential threats than pressing forward despite potential dangers. Calculated risk-taking is necessary to