Executive Cybersecurity with Dave Tyson

Handling Cybersecurity Risk

May 20, 2022 Dave Tyson Season 1 Episode 3
Show Notes
  • Boards should engage and take an active role in cyber security governance: the expectations placed on private and public board members for governing cyber security risk are under more scrutiny, and the legal and personal liability benchmarks are evolving.
  • Separating cyber security from compliance-requirements reporting is critical to understanding cause and effect in cyber security.
  • Cyber security is a business issue, not an IT issue: embed cyber security deep in the business and in the protection of the business's crown jewels.
  • Boards should focus on getting the right metrics reported to them, metrics that clearly articulate cyber risks to business priorities in business context, and they should reject tactical conversations.
  • Disconnect traditional funding models from cyber security conversations: establish how much risk is acceptable and which risks and threats are brought on by business decisions, then align strategies to those decisions or accept the new risks. Doing nothing delivers the latter.
  • Spend the time to get advanced security threat intelligence that can refine your understanding of the real risks facing your specific organization, inform the right security strategy, and enable the business to act boldly where risk is low.
  • Leaving cyber security to IT, sticking it under the audit committee's purview, and giving the topic 10 minutes on a quarterly management agenda pretty much ensures you will be a victim. That may sound blunt, but it is backed by a lot of hacking incident data.
  • You do not have to spend a fortune to protect what is important to your organization; you would be surprised how much inefficient and ineffective security spend exists inside organizations. But strategy and a clear tone from the top will be needed to break logjams when trade-offs need to be made.
  • Business strategy dogma often produces business plans without cyber security considered, and then the business complains that cyber security says no or is in the way. The solution: put security in the whole conversation so they can find the safe way to achieve the business goals.