Blog
/
Risk & Strategy
Jay Cameron Image
Jay Cameron
Director, Product Marketing, Diligent

The top 20 expert quotes from the Cyber Risk Virtual Summit

February 28, 2025
0 min read
Screen of multiple work colleagues on video call

The Cyber Risk Virtual Summit 2025 brought together (online!) nearly 4,500 cybersecurity, risk and governance leaders from around the world to discuss the evolving threat landscape, regulatory challenges and the future of cyber leadership.

From CISOs to general counsels to board directors, a common theme emerged: cyber risk is no longer just a security issue — it’s a business and governance imperative. Organizations must move beyond reactive defense to proactive, strategic cyber resilience, ensuring CISOs, GCs, and boards work together to navigate increasing AI-driven threats and regulatory scrutiny.

We’ve rounded up some of the most insightful, thought-provoking, and practical quotes from the event, grouped by key themes.

🤝CISO-GC-Board collaboration

“If the GC and CISO always agree, something is wrong. You need a bit of tension — it means you’re working through the issues before they become a crisis.”

Craig Rogers, Partner, Eversheds Sutherland

“When the CISO and GC present cyber risk together, it validates the message. The board sees two key voices aligned, which builds trust and drives action.”

Natalie Salunke, General Counsel (Likezero) & Board Advisor

“A CISO who can’t communicate risk in business terms risks losing the board’s attention. The GC can be a key ally in translating technical risk into governance priorities.”

Hussein Bahgat, Group CISO, UAE Bank

“Boards must recognize cybersecurity as a business risk, not just an IT issue. GCs play a vital role in embedding resilience into governance.”

Kay Pang, Board Director, Grand Bank Yachts

🎞️ Watch on demand: View sessions like ‘CISOs & GCs Unite’ and all other expert roundtables from the Cyber Risk Virtual Summit at our dedicated event video hub.

👨‍💻 The role of the CISO

“CISOs must translate risk into a language the board understands. Instead of talking about encryption, explain how it prevents financial and reputational loss.”

Lavonne Burke, VP of Legal, Global Security, IT & AI, Dell

“Rapport isn’t built in a crisis. CISOs need to engage the board before an attack happens, educating them and establishing trust.”

Matt Malone, Board Director & Former Partner (Head of Risk Consulting), KPMG UK

“CISOs need to frame cybersecurity as a business enabler, not just a cost center. Show how security investments drive customer trust and long-term resilience.” 

Myrna Soto Founder & CEO, Apogee Executive Advisors, Board Director and Former CISO, Comcast

"CISOs were never trained to think about public company reporting and disclosure—this new level of visibility and responsibility has changed the game for them."

— Sarah Ward, Chief Legal Officer, Chainalysis

All these insights & much more...

Packed with tips from cybersecurity & governance leaders, our guide offers a practical roadmap for CISOs, general counsels & board members to collaborate more effectively.

Get the Cyber Leadership Playbook

⚖️The role of the GC

“The role of the GC in cyber incidents isn’t just about legal risk — it’s about ensuring business continuity and protecting corporate integrity.” Somya Agarwal, Group General Counsel, Tractal Analytics

“Regulators expect businesses to demonstrate not just compliance, but a proactive approach to managing cyber risk. GCs are key to making that case.”

Cheng Lim, Partner, King & Wood Mallesons

“Cross-border data compliance is one of the biggest challenges today. GCs must align global governance strategies while managing jurisdiction-specific regulations.”

Cheng Lim, Partner, King & Wood Mallesons

" GCs and CISOs must work in lockstep. The GC's legal oversight helps CISOs navigate risk disclosure, while the CISO's technical expertise ensures legal teams fully understand the threats they’re addressing."

— Andrew Stephens, General Counsel, MongoDB

🤖The role of AI in cyber leadership

“We are moving from AI as an efficiency tool to AI making autonomous security decisions. That shift is both powerful and risky. The future of cyber leadership will be about striking the right balance — trusting AI while maintaining human oversight.”

Timothy Youngblood, CISO, Astrix Security (Former CISO, McDonald’s)

“Cybersecurity isn’t about avoiding risk — it’s about managing it intelligently. The future belongs to leaders who make cyber resilience a competitive advantage.”

Adam Fletcher, CISO, Blackstone

"AI is accelerating both cyber threats and regulatory responses. Policymakers are scrambling to put guardrails in place, but the pace of innovation is making it harder than ever to keep up."

Keith Enright, Partner, Gibson, Dunn & Crutcher (Former Chief Privacy Officer, Google)

💼 Board-level cyber governance & oversight

“If cybersecurity isn’t on the board calendar, it won’t get the attention it deserves. It must be embedded into governance structures like any other critical business risk.”

Colin Low, Independent Board Director, AET

“Cybersecurity is like brakes on a car — it’s not there to stop you, it’s there to give you control and confidence to move forward safely.”

— Guillaume Noé Head of Cyber Resilience, Queensland State Government

"Cybersecurity tabletop exercises expose the gaps. You can have a beautifully written incident response plan, but if you don't test it, you'll realize too late that key decision-makers are missing when a crisis hits."

— Sarah Ward, Chief Legal Officer, Chainalysis

📊 On the role of GRC technology in cyber resilience

"With a centralized platform, we now have instant visibility into cyber risks. It transformed how we communicate with leadership, ensuring we focus on what truly matters."

Parrish Gunnels, CISO, Sunflower Bank

“The board now has a clear, structured understanding of our cybersecurity posture. Our risk discussions are more productive, and leadership feels more engaged in our strategy.”

— Deanna Robinson Governance Risk & Compliance Manager, Sonoco Products

“Through Diligent, we’ve been able to identify areas of weakness, where we need to shore up our cyber risk management, and we’ve also been able to elevate information up to our boards. Our mission is to be good stewards of our clients’ information, and with the Diligent platform, we’ve been able to do that.”

James Wade, First Vice President & CISO, MCS

📥What’s next? Download the Cyber Leadership Playbook

The insights shared during the summit reinforced one clear takeaway: cyber risk must be a leadership priority, not just a technical issue.

For a deeper dive into expert strategies, including best practices for board reporting, aligning security & legal teams, and leveraging technology for cyber resilience, get your free copy of the Cyber Leadership Playbook!

security

Your Data Matters

At our core, transparency is key. We prioritize your privacy by providing clear information about your rights and facilitating their exercise. You're in control, with the option to manage your preferences and the extent of information shared with us and our partners.

© 2025 Diligent Corporation. All rights reserved.