3

Unpopular opinion: Talking cyber risk in dollars scares clients away

Met with a CISO in Austin last week who told me dollar figures make them freeze up, and now I wonder if we're losing deals by leading with breach cost estimates instead of actual threat context.
3 comments

drewgonzalez
Wait, a CISO is scared of numbers?
10
alicehernandez
Have you looked at how CISOs actually get punished in their job? In my experience, the ones who freeze at dollar figures aren't scared of numbers - they're scared of being the person who pushed a "this will cost us $50M" warning to the board and it didn't happen. That gets you fired faster than missing a breach, because the board remembers bad projections way longer than they remember good security. Maybe try framing it as "here's what competitors in your vertical are dealing with" instead of dollar amounts, since that hits them where they actually feel the risk.
6
casey682
10d ago
alicehernandez, that bit about "bad projections getting you fired faster than missing a breach" really stuck with me. You're right, board members don't forget when you cry wolf with a big number and it doesn't pan out. That kind of pressure changes how a CISO hears anything you say. Maybe we need to stop treating them like they don't understand math and start respecting that they understand their own career risk better than we do.
4