Exposure management framework strengthens board-level cyber risk communication
Tenable has launched the Exposure Management Leadership Council, a global initiative designed to strengthen proactive risk management across industries. Announced on September 22, 2025, the council brings together Chief Information Security Officers (CISOs) and cybersecurity leaders from insurance, technology, transportation, legal, and consumer goods sectors.
The council’s mission is to mature exposure management into a structured discipline that reduces cyber risk and enhances organizational resilience. Its first published report, “Board meetings and the dreaded cyber risk update: a use case for exposure management,” highlights challenges CISOs face when communicating with boards. The report underscores the disconnect caused by relying on siloed technical metrics that fail to present a true picture of organizational exposure.
Bob Huber, Chief Security Officer at Tenable and Chair of the Council, emphasized the need to reframe discussions. “Exposure management is a strategic driver of organizational success. A standardized framework helps pinpoint pressing exposures and their potential business impact,” he said.
Council member Joanna Burkey, a corporate director and former CISO at HP and Siemens Americas, noted that exposure management improves communication with boards. “Its fundamental goals are breach prevention and risk mitigation, but it also helps transform quarterly cyber updates into strategic conversations that drive action,” she said.
The formation of this council and the release of its inaugural report mark a critical step in aligning cybersecurity practices with board-level strategies. By uniting industry leaders, Tenable aims to create a proactive, measurable, and business-focused exposure management framework.
To access the full report, readers can visit Tenable’s official website.
