Leading with Intelligence — CISOs as Strategic Business Influencers

Global CISOs today face a perfect storm: expanding threat surfaces, fragmented visibility, constrained budgets, and rising regulatory scrutiny. In this high-stakes environment, security leaders must evolve from technical guardians to strategic influencers — translating risk into business value and guiding enterprise resilience.

CISOs in our Global Community gathered recently for a Town Hall discussion on their role in this evolution and how to communicate to the business about security intelligence and risk. Richard LaTulip, Field CISO at Recorded Future, moderated the discussion. Global CISO Governing Body Members Monica Brindza, CISO at Reliance, Inc; Derek Dixon, CISO at Fresenius Kabi; Jeff Johnson, CISO, Director, IT Security and Privacy at DigiKey; Evisa Kica, Ibraimi, CISO at IKEA; Tammy Klotz, CISO at Trinseo; Alan Rosa, CISO & SVP, Infrastructure and Operations at CVS; and Larry Woods, CISO & Privacy Officer at Post Holdings, guided the small group discussions with their peers.

For CISOs across Gartner C-level Communities, measuring and communicating risk has been a top three priority for the past several years. Results from our annual Leadership Perspective Survey of security executives’ key focus areas also show building cyber resilience as a top initiative. This discussion focused on how to translate threats into business terms, leverage intelligence strategically and prepare for “over the horizon” risks.

Key Takeaways from the Discussion

• Translating Cyber Risks into Business Terms

CISOs agreed that they must communicate threats and risks in business terms, not technical ones. Executives suggested tactics like using storytelling, demonstrating financial impact, and providing concrete examples to make risks relevant. One security leader shared that there are a lot of “tools in the tool belt” for communicating risk, and the key is to “know your audience – and which tool fits the audience.”

Security leaders also discussed how to add business value to conversations about risk. One CISO suggested linking data security to AI efforts, since it is a near-universal priority across organizations. Another executive agreed that it is effective to link cyber efforts to innovation areas like AI and automation or to emerging regulations. 

Others pointed out that you can frame operational risk with a financial lens, or you can share examples and lessons learned from other companies who experienced reputational impact due to a security breach. As one executive noted, “You are trying to help the business understand that you have their best interest at heart and want the business to keep operating.”
 

• Leveraging Intelligence and Technology Strategically

CISOs in the discussion believe that threat intelligence needs to be used properly and strategically. It can be helpful in informing business decisions and keeping teams – including executive teams – current on relevant risks. Intelligence is one “pathway of communicating risks to the business,” according to one executive. Another security leader shared that it can “keep your executive team tuned into the reality of the situation.”

However, security leaders cautioned that threat intelligence needs to be shared thoughtfully and intentionally. One suggested linking it back to your specific region or industry, and another said to focus on the most likely or relevant tactics, techniques, procedures (TTPs) and defense measures. Generally, CISOs felt that sharing threat intelligence could have positive results in engaging their business partners and reinforcing their status as trusted partners.
 

• Building Partnerships and Collaborative Resilience

Security leaders emphasized the value of fostering strong internal partnerships, including with legal, compliance, and business teams. These partnerships can help strengthen the organization’s collective defenses and resilience. CISOs can also work with partners to create better alignment between security initiatives and business objectives and regulatory requirements.

Strong collaborators also encourage advocacy and support for security efforts. To be successful, CISOs shared that you need to know what is most critical to each stakeholder and translate the security risks accordingly. As one CISO pointed out, partnerships will be stronger when you “understand what other business partners deem the most important.”
 

This Town Hall discussion highlighted the importance of business-focused communication, the strategic use of intelligence, and collaborative partnership in elevating the role of CISOs as strategic business influencers. As one CISO said of evolving to become a more business-focused security leader: “Prioritize risks on specific focus areas that relate directly to business risks.”

To collaborate with other CISOs on communicating risk in terms of business value and improving enterprise resilience, apply to join a CISO community. If you are a current community member, sign in to the app to find upcoming opportunities to connect with your peers.