
Effective cybersecurity is no longer about stopping every attack. That is simply no longer possible.
But moving from prevention to accepting that attacks will happen means thinking much more about business risk. That is not always an easy transition for cybersecurity teams.
As our guest for this episode puts it, the business “eats risk for breakfast”. And business risk is typically viewed in financial terms.
Of course, CISOs need to weigh the cost of defences against the cost of a breach. And with ever more attacks, and attackers moving more quickly through networks, the cost of cyber defences is rising.
So what conversations need to happen between security teams and the board? Do boards fully understand the operational disruption that comes with a cyber attack, disruption that can be fatal to a business?
And how does connecting threat intelligence and technical data on vulnerabilities with business risk data work in practice?
Richard Seiersen is a researcher, author, entrepreneur and former CISO, and currently chief risk technology officer at Qualys. Interview by Stephen Pritchard.
