Talk to your CFO about this TODAY.
If a cyber risk budget isn’t based on ROI, if it’s just an arbitrary number, something is wrong.
Ira Winkler’s talk at Cyber Week summed it up in a simple & elegant way:
1️⃣ Define the risk you’re willing to accept, taking into account your organization’s vulnerabilities and risk appetite.
2️⃣ Choose and quantify the required countermeasures that would mitigate risk to the appropriate level.
3️⃣ Calculate the suggested cost of the countermeasures, and show their ROI regarding the risk they help mitigate, to build your optimized budget.
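The three steps as a worked calculation, added here as an illustration rather than anything from the talk or the post: it assumes the standard annualized loss expectancy (ALE = SLE × ARO) and return on security investment (ROSI) formulation, uses constructed sample figures, and picks countermeasures greedily by marginal ROSI until the residual ALE sits under the accepted level.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float   # single loss expectancy in dollars (assumed figure)
    aro: float   # annualized rate of occurrence (assumed figure)

    @property
    def ale(self) -> float:
        return self.sle * self.aro  # annualized loss expectancy


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    risk: str          # name of the risk it addresses
    mitigation: float  # fraction of that risk's ALE it removes, 0..1


def residual_ale(risks, chosen):
    """Step 2: ALE left after the chosen countermeasures (reductions compound)."""
    total = 0.0
    for r in risks:
        factor = 1.0
        for c in chosen:
            if c.risk == r.name:
                factor *= 1.0 - c.mitigation
        total += r.ale * factor
    return total


def rosi(risks, chosen):
    """Step 3: (risk reduction - cost) / cost for the whole package."""
    cost = sum(c.annual_cost for c in chosen)
    if cost == 0:
        return 0.0
    return (residual_ale(risks, []) - residual_ale(risks, chosen) - cost) / cost


def plan_budget(risks, candidates, acceptable_ale):
    """Add the best-ROSI countermeasure until residual ALE <= accepted level (step 1)."""
    chosen, remaining = [], list(candidates)
    while residual_ale(risks, chosen) > acceptable_ale and remaining:
        best = max(remaining, key=lambda c: rosi(risks, chosen + [c]) - rosi(risks, chosen))
        chosen.append(best)
        remaining.remove(best)
    return chosen


# Constructed sample figures, not real exposure data.
RISKS = [Risk("ransomware", 2_000_000, 0.1), Risk("phishing", 50_000, 4)]
CANDIDATES = [
    Countermeasure("offline backups", 40_000, "ransomware", 0.7),
    Countermeasure("edr", 120_000, "ransomware", 0.5),
    Countermeasure("mfa", 30_000, "phishing", 0.8),
    Countermeasure("awareness training", 20_000, "phishing", 0.3),
]
PLAN = plan_budget(RISKS, CANDIDATES, acceptable_ale=150_000)
```

Running it with these figures selects MFA and offline backups: 70k of spend removes 300k of ALE, a ROSI of about 3.3, which is the number to put in front of the CFO.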
To get the numbers right and find this cyber budget sweet spot, one must do what many CISOs don’t want to do: sit down with the CFO. Get to the bottom of your organization’s real exposure, your actual risk appetite and the bigger financial picture. This is a step in the right direction: speaking with senior execs in their own tongue, not just risks and threats 🚨 but also dollar signs 💲
Do you think most CISOs are ready for this conversation?