# Opener

Executive Perspectives, Episode 3, Bobby Mehta

Published by Axio

In the latest installment of our Executive Perspectives interview series, Axio CEO Scott Kannry sat down with Bobby Mehta, the former President & CEO of TransUnion and a sitting board member of Allstate Corporation and Northern Trust, among others.

In each episode, Scott interviews the world’s top business leaders and learns how they handle cyber risk. The conversation touched on several crucial areas, such as:

1. Cyber preparedness over crisis response

Bobby emphasized that organizations needed to prioritize preparedness to handle cybersecurity crises effectively. Rather than scrambling post-incident, he advised boards and executive teams to proactively manage vulnerabilities, maintain strong vendor relationships, and establish well-defined communication channels.

2. Intentional risk acceptance and the role of ubiquitous platforms

Bobby highlighted the concept of “intentional risk acceptance,” which was especially relevant given the dependency on platforms like Microsoft and CrowdStrike. While alternatives might not have been feasible, he urged boards to understand their critical vulnerabilities and prioritize contingency planning to minimize disruption if these platforms were compromised.

3. Balancing malicious and non-malicious cyber threats

While security teams often focused on defending against malicious attacks, Bobby pointed out the equally significant risk posed by non-malicious events, such as accidental code errors. He suggested that security strategies incorporate both types of risk, especially with the rise in software automation.

4. Simplifying communication between security and the board

One of the interview’s core insights was Bobby’s advice to CISOs on translating technical cyber risks into business-friendly terms. He encouraged security leaders to clearly outline the objectives, impacts, and risks of cybersecurity initiatives to foster a stronger, shared understanding with the board and executive team.

5. The challenge of cybersecurity complexity

Organizations, especially mid-sized ones, often struggled with the “technical debt” created by layering multiple security solutions. Bobby suggested that simplifying with integrated platforms, rather than relying on numerous point solutions, could help CISOs focus on detecting and responding to genuine threats.

6. Building a multi-disciplinary cybersecurity team

Effective cybersecurity required a coalition of departments, including HR, procurement, legal, and insurance, working alongside IT. Bobby underscored the importance of cross-functional collaboration to comprehensively address the wide-ranging vectors of cyber risk.

7. Advice for CISOs in a high-stakes role

Recognizing the pressures faced by security leaders, Bobby advised them to focus on creating a shared risk language and leveraging peer support across industries. By framing cybersecurity within a business context, CISOs could align the board on the realities of cyber risk and secure necessary support.

8. The evolving role of cyber risk in board governance

Cyber risk, though relatively new, intersected significantly with other risks like operational and reputational risks. Bobby urged boards to approach cybersecurity with the same rigor as other risk areas while appreciating its unique and interconnected nature.

 
