
Volume 327, Issue 4 · IT News · CxO

How CISOs Can Justify Security Investments In Financial Terms

Help Net Security, Monday, June 23rd, 2025

In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and elevate cybersecurity as a strategic driver.

What should CISOs know about how insurers and financial risk professionals are evaluating cybersecurity maturity?

Cybersecurity maturity is viewed differently depending on the stakeholder, and effective programs must account for these varying perspectives. Financial risk professionals approach it through an Enterprise Risk Management (ERM) lens, evaluating how well cyber risks are identified, mitigated, and aligned to financial, operational, and regulatory impacts. On the other hand, cyber liability insurers assess maturity based on exposure to cybersecurity events, using self-assessments, third-party assessments, external scans, document reviews, and sometimes interviews to estimate the likelihood and cost of an incident.
