Skip to the main content.
Partner Programs
Already a Partner?
The Value of Partnership with Netenrich



  • Netenrich /
  • Blog /
  • Managing Cybersecurity Risk from the Boardroom

2 min read

Managing Cybersecurity Risk from the Boardroom

Source:  Originally published in MSSP Alert on Aug 15 2022

As a leading MSP, GreenPages has to be the best of the best steward of cybersecurity for our customers. Cybersecurity stewardship has to permeate through our entire organization every step of the way in our interactions with our customers, from the first sales touch point to how technical team engages. We have the responsibility of holding our customers’ “keys to the cyber kingdoms,” so we are extremely diligent and relentless about cybersecurity.

Keeping our customers safe from cybersecurity threats: As a 20-year cybersecurity and MSP industry veteran, I’ve learned that the approach of continuing to buy more tools and hire more people does not necessarily lead to better security. While it may improve security postures in the short-term, it becomes untenable and impossible to manage in the long-term. We’ve had to take a step back from the more-tools, more-people approach and ask ourselves, “How can we manage the compounding problems of our customers’ increasingly complex digital environments along with escalating cybersecurity threats that are increasing in frequency and sophistication?”


Taking cybersecurity to the boardroom

Cybersecurity risk must be a board-level issue because cybersecurity risks are enormous. Getting hacked, data breaches, malware, loss of service, and ransomware, etc. can take down your business and your customers’ businesses. So we need to not only tackle cybersecurity at the technical level, we must also manage cybersecurity risk at the board and executive levels. There has to be cybersecurity expertise on the board.

It’s up to the board to determine the organization’s risk tolerance, to set goals, and then fund decisions on how to achieve those goals. Of course the board does not decide whether you need to buy a certain security tool. It assesses: What are the “crown jewels” of the company? What do we care most about? How are we protecting our crown jewels? How are we accountable? It’s important to focus on outcomes how they align with corporate goals.

I sit on the GreenPages board as the cyber expert, and I spend a lot of time educating our board on cybersecurity issues. It’s highly effective, because when the board is cyber aware and aligned, our organization can move fast to roll out cybersecurity programs organization wide. We specify expected outcomes, ensure accountability, and fund appropriately.

When that happens at the board level, you remove the sand from the gears. It’s clear to everyone throughout the organization that security is a priority, and projects that meet the organization’s security goals get funded and executed successfully.


Metrics and ROI

GreenPages has set of key metrics that I regularly present and discuss with the board. I built dashboards for them in a straightforward way to show accountability and transparency. We measure progress month by month and tie progress to the spend in the funding that was approved to get better. We measure:

  1. Are we getting better with our overall security posture? 
  2. Are funded projects producing the results that we expected? 
  3. Are we responding to events quicker? 

I am transparent with these metrics – with the board and with our customers – because transparency drives outcomes, builds trust, and educates. When you can show progress and meet goals, it drives the funding we need to continue to get the job done.


Getting certified in cybersecurity management for corporate boards

I discuss this often with our customers, and I strongly encourage them to take the Cybersecurity Strategy Online Certification program at Boston College, where we partner.

One of the most important things you learn in that program is that you can’t wipe out cybersecurity risk. You can manage it. You anticipate unknowns so that you can move quickly to mitigate damage when something bad happens. Learn more in the eBook A Board’s-Eye View of Cybersecurity Risk.


Emergence Cycle for Automated Moving Target Defense

4 min read

Netenrich is a Sample Related Vendor/Security Vendor in Gartner® report, Emerging Tech: Security — Emergence Cycle for Automated Moving Target Defense

According to the Gartner report, “Automated moving target defense (ATMD) technologies are paving the way for a new era of cyber defense...

Read More
Security solution

2 min read

Grow Your Security Solution Competitiveness with Netenrich and Google Cloud's OEM Program

Netenrich and Google Cloud have joined forces to offer a Fast-Track OEM program for security product innovation. Now security solution providers can...

Read More
EMA recommends Netenrich for RSA 2023

1 min read

EMA Names Netenrich a Leading Security Visionary and “Must See” Vendor at RSA 2023

Wondering what to see and who to visit at RSA 2023? Enterprise Management Associates (EMA) named Netenrich one of the top 10 “must see” vendors at...

Read More