Saved by Chad Hudson
Protecting People, Not Just Data
When you've created this kind of culture, management expectations are rooted in reality, where everyone considers their effect on the organization's security posture, and CISOs aren't faced with surprises, resistance, and friction that make them want to quit. If you advocate with the clarity that most cannot find in cybersecurity, you will achieve
... See moreDark Reading • Rethinking Cybersecurity's Structure & the Role of the Modern CISO

It is important to clearly communicate to the target audience which items on the list are threats, assets and controls (however weak they may be). Executives must understand how the combination of these categories of things can be manipulated to cause harm to the enterprise.
ISACA • Home / Resources / ISACA Journal / Issues / 2020 / Volume 3 / Communicating Technology Risk to Nontechnical People
But what if there was a way around this? At the risk of mixing movie franchises, what if there was someone you could call? (I had gone with the Ghostbusters theme in an early edit, bear with me). A theoretical “Mr. Wolf Inc” who come to the rescue of people who have been hacked in the first few hours/day when the situation is frantic.