For those enterprises that have a CISO (and way too many still don’t), demanding internal clients such as the board, risk committees and CFOs are asking tough questions. But given the sense of urgency around cybersecurity, CFOs and risk managers must be collaborators, not interrogators.
In cybersecurity circles, the idea of “aligning security with the business” gets a lot of lip service, but alignment is not a one-way street. There are some very real challenges associated with implanting cyber-risk management as a business function — challenges that are not just “cyber” problems, but business problems with roots in areas beyond the cybersecurity domain.