Boards and CISOs are struggling to communicate cyber risk effectively. Instead of relying on more data and controls, CISOs should adopt proven risk management approaches from other industries, such as aviation, public health, and urban planning. By using these frameworks, CISOs can help boards understand cyber risk better and make informed decisions about security investments and strategies.
