S3E11: Resilient Cyber Show w/ Larry Clinton - Cybersecurity as a Business Risk

In this episode of Resilient Cyber, Chris Hughes interviews Larry Clinton, President of the Internet Security Alliance (ISA), to dive deep into the growing recognition of cybersecurity as a critical business risk. Clinton discusses how businesses can no longer view cybersecurity as just an IT issue, but rather a fundamental business challenge tied to economic incentives and organizational structure.

🔑 Key Highlights:

  • Cybersecurity Misconceptions: Why cybersecurity isn’t just an IT issue, but a business imperative

  • Economic Drivers of Cyber Risk: How attackers benefit from an economic model that favors them, and why defenders are at a disadvantage

  • Business Integration: How leading organizations are moving cybersecurity from IT to the board level, integrating it into enterprise risk management

  • Board Involvement: Strategies to shift cybersecurity oversight to the board, where it can be managed as a business risk

  • CISO Reporting Debate: Where the Chief Information Security Officer (CISO) should sit in the organizational hierarchy

  • Compliance vs. Security: Why compliance doesn’t equal security and how businesses should move beyond regulatory checkboxes

  • Public-Private Partnerships: How collaboration between government and the private sector is critical for addressing systemic cyber risks

  • SEC’s Role in Cybersecurity: The impact of recent SEC proposals on cybersecurity reporting and investor transparency

Larry also shares insights into how organizations should structure cybersecurity leadership, build more resilient systems, and balance economic and national security concerns in today’s interconnected digital world.