Cybersecurity Outcomes: What Do We Really Want?

The truth is that in today’s hyperconnected world, maturity-based cybersecurity programs are no longer adequate for combatting cyberrisks. A more strategic, risk-based approach is imperative for effective and efficient risk management (Exhibit 2).

I had a client whose maturity scores didn’t improve over a 3-year period. If data was all that was presented this could easily be interpreted as a failure of progress. But when they focused the narrative around the successful integration of the multiple acquisitions they had over the past few years, the focus shifted to the successful expansion of

Both Easterly and Zhora stress the importance of communicating cyber risks in a language that resonates with business decision-makers. This enables informed decision-making when allocating resources to cybersecurity initiatives. By aligning cybersecurity efforts with business goals, organizations can view cybersecurity not merely as a constraint, b

As an example, imagine a company expanding into Europe. That expansion is subject to General Data Protection Regulation (GDPR), and this will influence priorities and investments in areas that may not be as critical to a purely security-focused program. A valuable CISO recognizes the business need and context for the controls they recommend. In thi

Explain that cybersecurity means more than data protection. In the Harvard Business Review article 7 Pressing Cybersecurity Questions Boards Need to Ask, authors Dr. Keri Pearlson and Nelson Novaes Neto wrote that many board members think cybersecurity is still about protecting data, which was true many years ago. However, now that digital process