In a move to advance proactive cyber risk management, Tenable, the exposure management company, has announced the creation of the Exposure Management Leadership Council. The working group brings together Chief Information Security Officers (CISOs) and cybersecurity leaders from top global organisations across industries such as insurance, technology, transportation, legal, and consumer packaged goods.
The council’s mission is to mature exposure management into a proactive, standardised discipline—one that helps organisations not only understand but demonstrably reduce their cyber exposure.
Spotlight on the Boardroom Disconnect
At its inaugural meeting, the council released a report titled “Board meetings and the dreaded cyber risk update: a use case for exposure management.” The report highlights a familiar yet persistent issue: the communication gap between CISOs and their boards of directors.
According to the findings, board updates on cybersecurity too often rely on technical, siloed metrics from disparate tools, which fail to capture an organisation’s true exposure. This disconnect, the report notes, hampers effective risk management, particularly at a time when cyber threats are intensifying and regulatory scrutiny is increasing.
Moving from Metrics to Meaning
“Exposure management is a strategic driver of organisational success,” said Bob Huber, Chief Security Officer at Tenable and Chair of the Exposure Management Leadership Council. “Our goal is to shift the conversation from endless technical metrics to a strategic discussion focused on risk reduction. A standardised exposure management framework would help CISOs pinpoint their organisation’s most pressing exposures and articulate their potential business impact.”
Adding to this, Joanna Burkey, corporate director and former CISO at HP and Siemens Americas, stressed the importance of reframing the board conversation. “Exposure management can help CISOs bridge the boardroom communication gap. While the fundamental objectives are proactive breach prevention and risk mitigation, an added benefit is the ability to transform the quarterly cyber update into a strategic discussion that drives action and outcomes.”
Setting the Stage for Proactive Security
The council represents a growing recognition that cyber risk management must evolve from reactive defense to proactive exposure reduction. By uniting leading CISOs under a common framework, Tenable aims to provide organisations with a practical model to strengthen resilience, improve boardroom communication, and meet the rising demands of regulators and stakeholders alike.