In the latest installment of our Executive Perspectives interview series, Axio CEO Scott Kannry sat down with Bobby Mehta, the former President & CEO of TransUnion and a sitting board member of Allstate Corporation and Northern Trust, among others.
In each episode, Scott interviews the world’s top business leaders and learns how they handle cyber risk. The conversation touched on several crucial areas, such as:
1. Cyber preparedness over crisis response
Bobby emphasized that organizations needed to prioritize preparedness to handle cybersecurity crises effectively. Rather than scrambling post-incident, he advised boards and executive teams to proactively manage vulnerabilities, maintain strong vendor relationships, and establish well-defined communication channels.
2. Intentional risk acceptance and the role of ubiquitous platforms
Bobby highlighted the concept of “intentional risk acceptance,” which was especially relevant given the dependency on platforms like Microsoft and CrowdStrike. While alternatives might not have been feasible, he urged boards to understand their critical vulnerabilities and prioritize contingency planning to minimize disruption if these platforms were compromised.
3. Balancing malicious and non-malicious cyber threats
While security teams often focused on defending against malicious attacks, Bobby pointed out the equally significant risk posed by non-malicious events, such as accidental code errors. He suggested that security strategies incorporate both types of risk, especially with the rise in software automation.
4. Simplifying communication between security and the board
One of the interview’s core insights was Bobby’s advice to CISOs on translating technical cyber risks into business-friendly terms. He encouraged security leaders to clearly outline the objectives, impacts, and risks of cybersecurity initiatives to foster a stronger, shared understanding with the board and executive team.
5. The challenge of cybersecurity complexity
Organizations, especially mid-sized ones, often struggled with the “technical debt” created by layering multiple security solutions. Bobby suggested that simplifying with integrated platforms, rather than relying on numerous point solutions, could help CISOs focus on detecting and responding to genuine threats.
6. Building a multi-disciplinary cybersecurity team
Effective cybersecurity required a coalition of departments, including HR, procurement, legal, and insurance, working alongside IT. Bobby underscored the importance of cross-functional collaboration to comprehensively address the wide-ranging vectors of cyber risk.
7. Advice for CISOs in a high-stakes role
Recognizing the pressures faced by security leaders, Bobby advised them to focus on creating a shared risk language and leveraging peer support across industries. By framing cybersecurity within a business context, CISOs could align the board on the realities of cyber risk and secure necessary support.
8. The evolving role of cyber risk in board governance
Cyber risk, though relatively new, intersected significantly with other risks like operational and reputational risks. Bobby urged boards to approach cybersecurity with the same rigor as other risk areas while appreciating its unique and interconnected nature.