Bob Chaput, NACD.DC

MA, CISSP, HCISPP, CRISC, CIPP/US, C|EH

NACD CERT Cyber Risk Oversight

Foreword by Phil Gardner, CEO, IANS Research

The issue of value creation has long been a contentious topic in cybersecurity. In this book, Bob Chaput makes a compelling argument that cybersecurity executives can function as value creators by taking on a leadership role in enterprise cyber risk management (ECRM). Bob then articulates a road map for how infosec executives, business leaders, and board members can work together to develop an ECRM-driven approach to security.

This book couldn’t have come at a more critical time. The release of new cyber breach disclosure rules from the US Securities and Exchange Commission in July 2023 accelerated a growing movement among boards to govern cyber in a more strategic manner. Public companies are expected to identify the materiality of breaches and report on any material incidents within four days of determining materiality. To meet this need, the board, business executives, and CISOs must work together to develop a cohesive ECRM strategy. While the mandate only extends to public companies, the impact is expected to extend well beyond that jurisdiction.

Moving the cybersecurity conversation away from a focus on controls to an emphasis on ECRM is essential, and Bob is perfectly positioned to provide guidance here. From his executive technical leadership positions at GE, Johnson & Johnson, and Healthways to his work as CEO and, since 2018, Executive Chairman at Clearwater Compliance, not to mention his essential contribution as a member of the IANS Faculty, Bob has been exposed to countless executive cyber risk conversations. Bob is also a member of the National Association of Corporate Directors and has served as a board advisor. This blend of experience allows Bob to not only speak with authority about ECRM issues but also provide practical guidance on how to deliver value to the business.

On a personal note, I’ve found Bob to be one of the best active listeners that I’ve ever met. Bob’s other great skill is in his ability to distill his conversations with CISOs, business leaders, board members, and regulators into compelling, actionable insights. He cares deeply about this topic and it shows.

The wisdom he passes on in this book is not just for CISOs. Anybody with a responsibility to manage or govern enterprise cyber risk can benefit from Bob’s guidance.

This work is essential in the industry today, especially because it is not an academic work. Instead, Bob provides real, practical guidance on how to build out an ECRM program and use that to influence the business effectively. It takes what is often a theoretical idea and presents tangible ways to make that value a reality. That actionability makes it stand out and turns it into a necessary read for executives seeking a perspective on enterprise cyber risk.

—Phil Gardner, CEO, IANS Research

Click here to purchase Enterprise Cyber Risk Management as A Value Creator | Leverage Cybersecurity for Competitive Advantage. Please note: As an Amazon Associate, I earn from qualifying purchases.