Creating a Cyber Resilient Organization: Taking Calculated Risks while Leading Through Emerging Regulatory Change

The emerging cyber guidelines and rules from the SEC and National Association of Corporate Directors (NACD) do not present anything new to responsible and conscientious leaders; they merely extend the explicit ethics that have always been required of directors to a new domain of activity in our increasingly risky cyber-connected market. However, we should be motivated to act accordingly because the spirit behind them is the right thing to do to achieve resilience to material threats, maximize competitive capability, and participate as good citizens within an ethical framework of duty of care that is already over a century old.

Nevertheless, CISOs (or those working in that function) need to understand:

• the table stakes for what the emerging guidelines require
• how best to communicate to the C-suite and Board
• what your strategic initiatives are designed to accomplish
• the budget requirements to support them
• the economic effects they present to the enterprise.

In this presentation I will discuss these elements to help you mature your organization toward cyber resilience.

While this discussion is directed to cyber security leaders and professionals, participants from other operational functions can easily extend its contents to any capital budgeting exercise and initiatives executed under uncertainty.