Tenable®, the exposure management company, has announced the formation of the Exposure Management Leadership Council, a new working group dedicated to developing and advancing principles, best practices, policies and frameworks for exposure management. Composed of Chief Information Security Officers (CISOs) and cybersecurity leaders from leading global organisations across a range of industries, including insurance, technology, transportation, legal and consumer packaged foods, the Council’s mission is to mature exposure management into a widespread proactive security discipline that demonstrably reduces organisations’ cyber exposure.
The council released a new report, "Board meetings and the dreaded cyber risk update: a use case for exposure management," which captures highlights, anecdotes and insights from the inaugural meeting. The report analyses the critical communication gap between security leaders and their boards of directors and offers a new path forward.
The report finds a persistent disconnect in the boardroom that impairs organisations' ability to effectively manage and mitigate cyber risk at a time of heightened exposure and regulatory scrutiny. The disconnect stems from the security operations metrics that CISOs have historically shared during quarterly board meetings. These metrics fail to accurately capture and communicate an organisation's true cyber exposure, in large part because they're sourced from disparate, siloed security tools.
“Exposure management is a strategic driver of organisational success,” said Bob Huber, Chief Security Officer at Tenable and Chair of the Exposure Management Leadership Council. “Our goal is to shift the conversation from endless technical metrics to a strategic discussion focused on risk reduction. A standardised exposure management framework would help CISOs pinpoint their organisation’s most pressing exposures and articulate their potential business impact.”
"Exposure management can help CISOs bridge the boardroom communication gap," said Joanna Burkey, a corporate director, former CISO at HP and Siemens Americas and member of the Exposure Management Leadership Council. "While the fundamental objectives of exposure management are proactive breach prevention and risk mitigation, an added benefit is its potential to transform the quarterly cyber update into a strategic discussion that drives action and outcomes."