Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

One Identity: How CISOs Should Engage Boards on Security ROI

One Identity
06/16/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


As you know, right, over the last five years or so, as the interest rate climate has changed, the boards have become a lot more focused on the profitability of the business, the investment sort of profile of the business, not just pure growth. So they are looking at the investment and spend on things. And so I think the CISOs have to do this job of elevating themselves and put themselves in the shoes of the board members and engage them in the dialogue in the context of the ROI to the business for the things that they actually spend money on, right? You can pretty much read in press articles today, like the companies that are actually getting breached. And so I think the cost of a breach is one of the ways I think in terms of like the cost of a breach for organization can be hundreds of millions of dollars now. So when CISOs engage with the board, it's in terms of that kind of ROI, right? The investment in, hey, their identity governance framework that they actually are using or protecting their privileged accounts, right? It used to be that they could have a corporate firewall and they could be squishy in the middle and they still felt pretty good. Now with the cloud and the internet and post COVID, now their employees are distributed all over the world. So there is no such thing as a corporate firewall. Identity has become the security perimeter for these organizations. And the threats we are seeing like phishing attacks and ransomware and CISOs can focus on that rather than focusing on the technology piece and to sort of describe the attack vectors and the cost of not having protection in their environment. I think that's the level of conversation they need to be having at the board.

TL;DR

  • Boards now prioritize profitability and investment ROI over pure growth, requiring CISOs to justify security spending in business impact terms rather than technical features.
  • Breach costs can reach hundreds of millions of dollars, making cost avoidance a compelling framework for discussing investments in identity governance and privileged access management.
  • Identity has replaced the corporate firewall as the security perimeter due to cloud adoption and distributed workforces, fundamentally changing how organizations must approach security architecture.

Summary

This brief executive perspective addresses the evolving relationship between CISOs and corporate boards in the current economic climate. The speaker emphasizes that boards have shifted focus from pure growth to profitability and investment scrutiny over the past five years, driven by changing interest rate environments. CISOs must elevate their communication approach to engage boards in ROI-focused dialogue, framing security investments in terms of breach cost avoidance rather than technical capabilities. With breaches now costing organizations hundreds of millions of dollars, the conversation centers on quantifying the value of identity governance frameworks and privileged access protection. The fundamental shift from perimeter-based security to identity-centric security—accelerated by cloud adoption and distributed workforces—requires CISOs to articulate attack vectors and protection gaps in business impact terms rather than technical specifications.

Chapters

0:00 - Board Focus Shift
0:26 - CISO Communication Strategy
0:47 - Breach Cost Economics
1:11 - Identity as Perimeter

Key Quotes

0:26 "I think the CISOs have to do this job of elevating themselves and put themselves in the shoes of the board members and engage them in the dialogue in the context of the ROI to the business for the things that they actually spend money on ..."
0:53 "... the cost of a breach for organization can be hundreds of millions of dollars now ..."
1:26 "... there is no such thing as a corporate firewall. Identity has become the security perimeter for these organizations ..."

FAQ

Why do CISOs need to change how they communicate with boards?

Boards have shifted focus from pure growth to profitability and investment ROI over the past five years. CISOs must frame security investments in terms of breach cost avoidance and business impact rather than technical capabilities to align with board priorities and secure necessary funding.

How has the security perimeter changed for modern organizations?

The traditional corporate firewall perimeter has been eliminated by cloud adoption and distributed workforces. Identity has become the new security perimeter, requiring organizations to invest in identity governance frameworks and privileged access protection rather than relying on network-based defenses.


Categories:
  • » Cybersecurity » Identity & Access Management (IAM)
  • » Cybersecurity » Zero Trust
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Executive Briefing
  • Identity & Access
  • Zero Trust
  • Security Operations
  • Compliance & Governance
  • CISO board communication
  • security ROI
  • breach cost economics
  • identity governance
  • privileged access management
  • zero trust architecture
  • cloud security perimeter
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: One Identity: How CISOs Should Engage Boards on Security ROI

              Upcoming Webinar Calendar

              • 06/17/2026
                12:00 PM
                06/17/2026
                Action1: The Remediation Gap: Vulnerability Management in the Age of AI
                https://www.truthinit.com/index.php/channel/2010/action1-the-remediation-gap-vulnerability-management-in-the-age-of-ai/
              • 06/23/2026
                01:00 PM
                06/23/2026
                The AI-Powered VMware Alternative
                https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
              • 06/24/2026
                11:00 AM
                06/24/2026
                LATAM: Accelerating Insights on AI Through an Engaging Webinar Series
                https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-through-an-engaging-webinar-series/
              • 06/25/2026
                01:00 PM
                06/25/2026
                Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier
                https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
              • 06/30/2026
                01:00 PM
                06/30/2026
                Master Active Directory Certificate Services for Long-term Success
                https://www.truthinit.com/index.php/channel/2018/master-active-directory-certificate-services-for-long-term-success/
              • 07/01/2026
                04:00 AM
                07/01/2026
                Integrating Security in AI: Automated Red Teaming Strategies for Private Models
                https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
              • 07/01/2026
                04:00 AM
                07/01/2026
                Schutz von KI in Anwendungen, Agenten und APIs.
                https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
              • 07/01/2026
                01:00 PM
                07/01/2026
                Stop Your AI from Controlling You: Strategies for Retaining Power
                https://www.truthinit.com/index.php/channel/2021/stop-your-ai-from-controlling-you-strategies-for-retaining-power/
              • 07/02/2026
                10:00 AM
                07/02/2026
                When the cloud goes dark: Resilience lessons from hybrid threats
                https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
              • 07/14/2026
                11:00 AM
                07/14/2026
                In-Depth Analysis of the Latest Features in Netwrix 1Secure
                https://www.truthinit.com/index.php/channel/2014/in-depth-analysis-of-the-latest-features-in-netwrix-1secure/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection Practices
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection-practices/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 09/30/2026
                04:00 AM
                09/30/2026
                EMEA: Shadow AI, MCP, and Emerging Risks of Artificial Intelligence
                https://www.truthinit.com/index.php/channel/2024/shadow-ai-mcp-and-emerging-risks-of-artificial-intelligence/

              Upcoming Events

              • Jun
                17

                Action1: The Remediation Gap: Vulnerability Management in the Age of AI

                06/17/202612:00 PM ET
                • Jun
                  23

                  The AI-Powered VMware Alternative

                  06/23/202601:00 PM ET
                  • Jun
                    24

                    LATAM: Accelerating Insights on AI Through an Engaging Webinar Series

                    06/24/202611:00 AM ET
                    • Jun
                      25

                      Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

                      06/25/202601:00 PM ET
                      • Jun
                        30

                        Master Active Directory Certificate Services for Long-term Success

                        06/30/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version