Close this search box.
Close this search box.

Cyber Risk Forum Preview: Michael Chertoff On What CEOs Don’t Understand About Cybersecurity

In part 2 of our 2-part interview, Chief Executive caught up with Michael Chertoff to talk about what CEOs are missing when it comes to to cybersecurity.

chertoffFormer Secretary of the U.S. Department of Homeland Security Michael Chertoff will be speaking at the 2018 Cyber Risk Forum on April 16, 2018 in San Francisco. Hosted alongside RSA® Conference, Corporate Board Member and Chief Executive are presenting the 3rd annual Cyber Risk Forum to provide CEOs and board members with the opportunity to explore emerging trends, prevalent threats and strategic opportunities surrounding cybersecurity. Click here to register.

In part 2 of our 2-part interview, Chief Executive caught up with Chertoff to talk about what CEOs and boards are missing about cybersecurity. Click here for part 1.

Q: In your experience, what do boards and CEOs not get about cybersecurity? What’s the big gap in understanding?

A: The costly and dynamic nature of cybersecurity threats makes them a top risk for many businesses; board directors and management, however, often struggle with understanding and responding to the scope of this rapidly changing risk. For most boards, cybersecurity is far from a core competency. Many C-suite executives and board directors, are not well-versed in security measures and would be unable to effectively guard against and mitigate an attack. This lack of fluency can contribute to indecision or avoidance when dealing with cybersecurity, and in the worst cases, a resigned acceptance that attacks are unavoidable.

The following guidelines can help strengthen businesses’ security programs by identifying core cybersecurity competencies and delegating each to the appropriate level of management. Consider including these cybersecurity fundamentals in your advisory arsenal.

“A security-driven culture is critical to enforcing cybersecurity over time.”

Risk Management

Management-led; overseen and directed by boards:

  • Governance: This critical component identifies the parameters necessary for companies to remain secure and compliant. Governance parameters should be clear, consistent, measurable, well-prioritized and aim to guard what the company identifies as its most sensitive assets. Management should define parameters to be reviewed and approved by the board.
  • Measurement: Managers should clearly define a successful risk-management model to establish consistent security priorities and goals, and periodically ensure company alignment with this model. Performance results should be shared appropriately among key stakeholders, management, and the board.
  • Response: The board is responsible for ensuring that management is capable of successfully carrying out proposed security plans and should recommend any adjustments necessary to make plans executable.

Join us in San Francisco on April 16 for the Cyber Risk Forum. Keynotes include Michael Chertoff, former Secretary of Homeland Security, and Rob Joyce, White House Cybersecurity Coordinator. Space is limited to 50 CEOs and Board Members. Register today!

Creating a Security-Conscious Organization


  • Culture: A security-driven culture is critical to enforcing cybersecurity over time. Boards should ensure that CEOs are exemplifying and encouraging this culture; company leaders should set a precedent that permeates throughout the organization. Further, boards should clarify and promote the incentives of cybersecurity compliance, including growing top-line revenue, lowering operations costs, improving quality of service, entering new markets, and recruiting and retaining high-performing employees.
  • People: The CEO and technical staff play vital cybersecurity roles; boards should feel confident in their abilities to implement and uphold the company’s cybersecurity values. Incentive, training and professional development programs should be strong enough to retain valuable employees. Boards should periodically evaluate these employees and incentive programs, making necessary changes to support the company’s security goals.

Anticipating Change

Shared responsibility between management and board.

  • Policy: Cybersecurity is a critical concern driving major regulatory and legislative shifts in the U.S. and worldwide. Management, boards, and companies as a whole should continuously track and prepare for upcoming policy changes. A business caught unaware of new regulations can incur considerable costs. The European Union’s General Data Protection Regulations (GDPR), for example, will become enforceable in May 2018 and will alter compliance costs and require new data security measures.
  • Foresight: The best security programs anticipate and plan for potential incidents. Understanding likely threats, as well as recognizing vulnerabilities and unknown factors, is critical to developing an effective cybersecurity plan. Management, boards and other key players are responsible for anticipating future threats and assessing the company’s ability to guard against potential attacks. When appropriate, trusted third parties can be a helpful tool to assess, audit and provide an outside view of a company’s cybersecurity efforts.


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events


    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)


    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.