SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Tenable council aims to bridge cyber risk gap with new framework

Fri, 19th Sep 2025

Tenable has established the Exposure Management Leadership Council, a working group formed to address the communication gap between security teams and senior business leaders across companies in critical sectors.

The new council comprises Chief Information Security Officers (CISOs) and cybersecurity leaders from diverse global organisations in industries such as insurance, technology, transportation, legal, and consumer packaged goods. Its stated aim is to progress exposure management from a technical security activity to a proactive discipline integral to overall business risk management.

Exposure management focus

The council's first report, titled "Board meetings and the dreaded cyber risk update: a use case for exposure management", draws on insights and discussions from its initial meeting. The document highlights key challenges around how cyber risk is communicated within organisations, especially during board meetings.

The report reveals that traditional security metrics, often presented during quarterly updates to boards of directors, do not sufficiently capture the real extent of an organisation's cyber risk. According to the council, the problem results largely from these metrics being gathered from separate, isolated security tools, producing fragmented information that lacks relevance for senior management and board-level decision-making.

Boardroom disconnect

The report asserts that this ongoing disconnect hinders organisations in their efforts to manage and reduce exposure to cyber threats, particularly at a time when regulatory demands and the scale of cyber risks are increasing globally.

"Exposure management is a strategic driver of organisational success", said Bob Huber, Chief Security Officer at Tenable and Chair of the Exposure Management Leadership Council. "Our goal is to shift the conversation from endless technical metrics to a strategic discussion focused on risk reduction. A standardised exposure management framework would help CISOs pinpoint their organisation's most pressing exposures and articulate their potential business impact."

Huber's comments reflect the intent to move from technical details towards a clearer focus on strategic risk and organisational priorities, aligning security objectives more closely with wider business goals.

Changing the conversation

Joanna Burkey, a corporate director, former CISO at HP and Siemens Americas, and a member of the Exposure Management Leadership Council, added that the value of exposure management extends beyond its operational benefits.

"Exposure management can help CISOs bridge the boardroom communication gap," said Joanna Burkey. "While the fundamental objectives of exposure management are proactive breach prevention and risk mitigation, an added benefit is its potential to transform the quarterly cyber update into a strategic discussion that drives action and outcomes."

Burkey noted that effective exposure management has the potential to recast cyber risk updates as productive board discussions focused on concrete actions, rather than as technical briefings that may lack direct relevance to organisational strategy.

Framework development

According to Tenable, the council is tasked with developing best practices, policies, and frameworks that can be widely adopted to mature exposure management into a key component of routine business risk processes. Through this work, the council seeks to equip CISOs and their teams with the tools and standardised approaches needed to communicate more effectively about cyber risk with executive leadership and board members.

Sector involvement

The establishment of the council brings together expertise spanning several important sectors. Participants include professionals from technology, transportation, insurance, legal, and consumer packaged goods industries, implying a broad-based approach to the challenges at hand.

This development comes at a point when regulations concerning cybersecurity and risk governance are tightening in multiple jurisdictions worldwide. There are growing expectations for boards to take an active role in understanding and managing cyber risk as part of their oversight responsibilities.

Report availability

The inaugural report from the Exposure Management Leadership Council, "Board meetings and the dreaded cyber risk update: a use case for exposure management", provides an overview of current difficulties faced by CISOs in demonstrating security postures and exposures at the board level. The report is accessible via Tenable's website.
