Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table. Boards ask about cybersecurity investments and cyber resilience; they need answers rooted in reality, not prognostication. When cybersecurity leaders respond with a list of technologies deployed and potential risks that require additional investment, board members may get frustrated by a lack of clear answers and lose trust. This is a great opportunity for CISOs to take a different approach. Part of the challenge is that most boards don’t have cybersecurity practitioners and expertise, making it challenging to understand the linkage between technical risks and business impact. It’s the responsibility ...