TENABLE UNITES TOP CISOS TO FORGE EXPOSURE MANAGEMENT FRAMEWORK FOR PROACTIVE RISK MANAGEMENT
Tenable,
the exposure management company, announced the formation of the Exposure
Management Leadership Council, a new working group dedicated to developing and
advancing principles, best practices, policies and frameworks for exposure
management. Composed of Chief Information Security Officers (CISOs) and
cybersecurity leaders from leading global organizations across a range of
industries, including insurance, technology, transportation, legal and consumer
packaged foods, the Council’s mission is to mature exposure management into a
widespread proactive security discipline that demonstrably reduces
organizations’ cyber exposure.
The Council
released a new report, "Board meetings and the dreaded cyber risk
update: a use case for exposure management," which captures highlights,
anecdotes and insights from the inaugural meeting. The report analyzes the
critical communication gap between security leaders and their boards of
directors and offers a new path forward.
The report
finds a persistent disconnect in the boardroom that impairs organizations'
ability to effectively manage and mitigate cyber risk at a time of heightened
exposure and regulatory scrutiny. The disconnect stems from the security
operations metrics that CISOs have historically shared during quarterly board
meetings, metrics that fail to accurately capture and communicate an
organization's true cyber exposure in large part because they're sourced from
disparate, siloed security tools.
“Exposure
management is a strategic driver of organizational success,” said Bob Huber,
Chief Security Officer at Tenable and Chair of the Exposure Management
Leadership Council. “Our goal is to shift the conversation from endless
technical metrics to a strategic discussion focused on risk reduction. A
standardized exposure management framework would help CISOs pinpoint their
organization’s most pressing exposures and articulate their potential business
impact.”
"Exposure
management can help CISOs bridge the boardroom communication gap," said
Joanna Burkey, a corporate director, former CISO at HP and Siemens Americas and
member of the Exposure Management Leadership Council. "While the
fundamental objectives of exposure management are proactive breach prevention
and risk mitigation, an added benefit is its potential to transform the
quarterly cyber update into a strategic discussion that drives action and
outcomes."