CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk

CISOs around the world are having to face up to the challenge of quantifying their organization’s level of cyber risk to get board-level buy-in on security, but what does this look like in practice?

Speaking to ITPro, Tim Grieveson, SVP and global cyber risk advisor at Bitsight, and ranked among the Top CSOs of 2023, reported that during his travels speaking to CISOs around the world, he found that new regulations around cyber resilience are driving security leaders to manage their cyber risks differently.

“I look after Bitsight from a global perspective so EMEA, APAC, and the US and one of the things that is certainly driving the [CISO] mindset is the tsunami of regulations coming up, whether it be NIS2 in Europe, SOC 2 in the US, the cyber bill in Singapore or Australia.”

But Grieveson said that this raises new challenges around how these leaders can collate the various threats facing their organization into a single metric that can then be used to communicate risk to boards and auditors alike.

“The challenge CISOs and chief risk officers are facing is quantification of their risk in financial terms. Understanding what the attack surface is, what they are covering…
