Cyber risk is not just a security issue, it’s a business issue. As a result, it’s rightfully become an executive level discussion topic. That said, CISOs often don’t speak the same language as boards. Security professionals relish very granular, highly technical details, then ask for boatloads of money. But boards need risk and ROI to be financially quantified. Proving the effectiveness of a security program and justifying the budget in this way makes CISOs look like champions.