The top 20 expert quotes from the Cyber Risk Virtual Summit
The Cyber Risk Virtual Summit 2025 brought together (online!) nearly 4,500 cybersecurity, risk and governance leaders from around the world to discuss the evolving threat landscape, regulatory challenges and the future of cyber leadership.
From CISOs to general counsels to board directors, a common theme emerged: cyber risk is no longer just a security issue — it’s a business and governance imperative. Organizations must move beyond reactive defense to proactive, strategic cyber resilience, ensuring CISOs, GCs, and boards work together to navigate increasing AI-driven threats and regulatory scrutiny.
We’ve rounded up some of the most insightful, thought-provoking, and practical quotes from the event, grouped by key themes.
🤝CISO-GC-Board collaboration
“If the GC and CISO always agree, something is wrong. You need a bit of tension — it means you’re working through the issues before they become a crisis.”
— Craig Rogers, Partner, Eversheds Sutherland
“When the CISO and GC present cyber risk together, it validates the message. The board sees two key voices aligned, which builds trust and drives action.”
— Natalie Salunke, General Counsel (Likezero) & Board Advisor
— Hussein Bahgat, Group CISO, UAE Bank
“Boards must recognize cybersecurity as a business risk, not just an IT issue. GCs play a vital role in embedding resilience into governance.”
— Kay Pang, Board Director, Grand Bank Yachts
🎞️ Watch on demand: View sessions like ‘CISOs & GCs Unite’ and all other expert roundtables from the Cyber Risk Virtual Summit at our dedicated event video hub.
👨💻 The role of the CISO
“CISOs must translate risk into a language the board understands. Instead of talking about encryption, explain how it prevents financial and reputational loss.”
— Lavonne Burke, VP of Legal, Global Security, IT & AI, Dell
“Rapport isn’t built in a crisis. CISOs need to engage the board before an attack happens, educating them and establishing trust.”
— Matt Malone, Board Director & Former Partner (Head of Risk Consulting), KPMG UK
“CISOs need to frame cybersecurity as a business enabler, not just a cost center. Show how security investments drive customer trust and long-term resilience.”
— Myrna Soto Founder & CEO, Apogee Executive Advisors, Board Director and Former CISO, Comcast
"CISOs were never trained to think about public company reporting and disclosure—this new level of visibility and responsibility has changed the game for them."
— Sarah Ward, Chief Legal Officer, Chainalysis
All these insights & much more...
Packed with tips from cybersecurity & governance leaders, our guide offers a practical roadmap for CISOs, general counsels & board members to collaborate more effectively.
Get the Cyber Leadership Playbook⚖️The role of the GC
“The role of the GC in cyber incidents isn’t just about legal risk — it’s about ensuring business continuity and protecting corporate integrity.” — Somya Agarwal, Group General Counsel, Tractal Analytics
“Regulators expect businesses to demonstrate not just compliance, but a proactive approach to managing cyber risk. GCs are key to making that case.”
— Cheng Lim, Partner, King & Wood Mallesons
“Cross-border data compliance is one of the biggest challenges today. GCs must align global governance strategies while managing jurisdiction-specific regulations.”
— Cheng Lim, Partner, King & Wood Mallesons
" GCs and CISOs must work in lockstep. The GC's legal oversight helps CISOs navigate risk disclosure, while the CISO's technical expertise ensures legal teams fully understand the threats they’re addressing."
— Andrew Stephens, General Counsel, MongoDB
🤖The role of AI in cyber leadership
“We are moving from AI as an efficiency tool to AI making autonomous security decisions. That shift is both powerful and risky. The future of cyber leadership will be about striking the right balance — trusting AI while maintaining human oversight.”
— Timothy Youngblood, CISO, Astrix Security (Former CISO, McDonald’s)
“Cybersecurity isn’t about avoiding risk — it’s about managing it intelligently. The future belongs to leaders who make cyber resilience a competitive advantage.”
— Adam Fletcher, CISO, Blackstone
— Keith Enright, Partner, Gibson, Dunn & Crutcher (Former Chief Privacy Officer, Google)
💼 Board-level cyber governance & oversight
“If cybersecurity isn’t on the board calendar, it won’t get the attention it deserves. It must be embedded into governance structures like any other critical business risk.”
— Colin Low, Independent Board Director, AET
“Cybersecurity is like brakes on a car — it’s not there to stop you, it’s there to give you control and confidence to move forward safely.”
— Guillaume Noé Head of Cyber Resilience, Queensland State Government
"Cybersecurity tabletop exercises expose the gaps. You can have a beautifully written incident response plan, but if you don't test it, you'll realize too late that key decision-makers are missing when a crisis hits."
— Sarah Ward, Chief Legal Officer, Chainalysis
📊 On the role of GRC technology in cyber resilience
"With a centralized platform, we now have instant visibility into cyber risks. It transformed how we communicate with leadership, ensuring we focus on what truly matters."
— Parrish Gunnels, CISO, Sunflower Bank
“The board now has a clear, structured understanding of our cybersecurity posture. Our risk discussions are more productive, and leadership feels more engaged in our strategy.”
— Deanna Robinson Governance Risk & Compliance Manager, Sonoco Products
— James Wade, First Vice President & CISO, MCS
📥What’s next? Download the Cyber Leadership Playbook
The insights shared during the summit reinforced one clear takeaway: cyber risk must be a leadership priority, not just a technical issue.
For a deeper dive into expert strategies, including best practices for board reporting, aligning security & legal teams, and leveraging technology for cyber resilience, get your free copy of the Cyber Leadership Playbook!
More to explore
CISOs and GCs Unite: Collaborating for stronger cyber risk management and compliance
How CISO-GC collaboration supports effective cyber risk management and strategic business initiatives
"We’re not just checking boxes": CISOs share how GRC technology is reshaping cyber risk management
Cybersecurity leaders share how GRC platforms provide actionable insights for proactive risk management and strategic decision-making.
Top sessions you can't afford to miss from the Cyber Risk Virtual Summit
Get the latest trends and best practices to tailor your cyber risk strategy with our on-demand, expert-led sessions.
