Recently, Diligent hosted 4500 cybersecurity, risk, and governance leaders from organizations around the world at their Cyber Risk Virtual Summit.
From CISOs to general counsels to board directors, a common theme emerged: cyber risk is no longer just a security issue — it’s a business and governance imperative. Organizations must move beyond reactive defense to proactive, strategic cyber resilience, ensuring CISOs, GCs, and boards work together to navigate increasing AI-driven threats and regulatory scrutiny.
We’ve rounded up some of the most insightful, thought-provoking, and practical quotes from the event, grouped by key themes.
CISO-GC-Board Collaboration on Cyber Risk
“If the GC and CISO always agree, something is wrong. You need a bit of tension — it means you’re working through the issues before they become a crisis.”
— Craig Rogers, Partner, Eversheds Sutherland
“When the CISO and GC present cyber risk together, it validates the message. The board sees two key voices aligned, which builds trust and drives action.”
— Natalie Salunke, General Counsel (Likezero) & Board Advisor
“Boards must recognize cybersecurity as a business risk, not just an IT issue. GCs play a vital role in embedding resilience into governance.”
— Kay Pang, Board Director, Grand Bank Yachts
Board-level Cyber Risk Governance & Oversight
“If cybersecurity isn’t on the board calendar, it won’t get the attention it deserves. It must be embedded into governance structures like any other critical business risk.”
— Colin Low, Independent Board Director, AET
“Cybersecurity is like brakes on a car — it’s not there to stop you, it’s there to give you control and confidence to move forward safely.”
— Guillaume Noé, Head of Cyber Resilience, Queensland State Government
“Cybersecurity tabletop exercises expose the gaps. You can have a beautifully written incident response plan, but if you don’t test it, you’ll realize too late that key decision-makers are missing when a crisis hits.”
— Sarah Ward, Chief Legal Officer, Chainalysis
On the Role of GRC Technology in Cyber Resilience
“With a centralized platform, we now have instant visibility into cyber risks. It transformed how we communicate with leadership, ensuring we focus on what truly matters.”
— Parrish Gunnels, CISO, Sunflower Bank
“The board now has a clear, structured understanding of our cybersecurity posture. Our risk discussions are more productive, and leadership feels more engaged in our strategy.”
— Deanna Robinson, Governance Risk & Compliance Manager, Sonoco Products
The Role of the CISO In Cyber Risk Management
“CISOs must translate risk into a language the board understands. Instead of talking about encryption, explain how it prevents financial and reputational loss.”
— Lavonne Burke, VP of Legal, Global Security, IT & AI, Dell
“Rapport isn’t built in a crisis. CISOs need to engage the board before an attack happens, educating them and establishing trust.”
— Matt Malone, Board Director & Former Partner (Head of Risk Consulting), KPMG UK
“CISOs need to frame cybersecurity as a business enabler, not just a cost center. Show how security investments drive customer trust and long-term resilience.”
— Myrna Soto, Founder & CEO, Apogee Executive Advisors, Board Director and Former CISO, Comcast
“CISOs were never trained to think about public company reporting and disclosure—this new level of visibility and responsibility has changed the game for them.”
— Sarah Ward, Chief Legal Officer, Chainalysis
The Role of the GC as Cyber Risk Leaders
“The role of the GC in cyber incidents isn’t just about legal risk — it’s about ensuring business continuity and protecting corporate integrity.”
— Somya Agarwal, Group General Counsel, Tractal Analytics
“Regulators expect businesses to demonstrate not just compliance, but a proactive approach to managing cyber risk. GCs are key to making that case.”
— Cheng Lim, Partner, King & Wood Mallesons
“Cross-border data compliance is one of the biggest challenges today. GCs must align global governance strategies while managing jurisdiction-specific regulations.”
— Cheng Lim, Partner, King & Wood Mallesons
“GCs and CISOs must work in lockstep. The GC’s legal oversight helps CISOs navigate risk disclosure, while the CISO’s technical expertise ensures legal teams fully understand the threats they’re addressing.”
— Andrew Stephens, General Counsel, MongoDB
The Role of AI in Cyber Leadership
“We are moving from AI as an efficiency tool to AI making autonomous security decisions. That shift is both powerful and risky. The future of cyber leadership will be about striking the right balance — trusting AI while maintaining human oversight.”
— Timothy Youngblood, CISO, Astrix Security (Former CISO, McDonald’s)
“Cybersecurity isn’t about avoiding risk — it’s about managing it intelligently. The future belongs to leaders who make cyber resilience a competitive advantage.”
— Adam Fletcher, CISO, Blackstone
What’s next? Download the Cyber Leadership Playbook
The insights shared during the summit reinforced one clear takeaway: cyber risk must be a leadership priority, not just a technical issue.
For a deeper dive into expert strategies, including best practices for board reporting, aligning security & legal teams, and leveraging technology for cyber resilience, get your free copy of the Cyber Leadership Playbook!
