What boards need to hear about cyber risk, and what they don’t

In this Help Net Security video, Rishi Kaushal, CIO at Entrust, explains how security leaders should talk to the board about cyber risk. He focuses on what matters to board members and what does not.

He links cryptography, certificates, and authentication to business outcomes like revenue loss, outages, fraud, and regulatory exposure. Kaushal breaks down the digital trust layer and explains why failures in keys, certificates, or access controls often lead to visible business damage. He challenges common assumptions about encryption, backups, and post-quantum readiness, and explains why these areas need ongoing management.

The video also outlines practical metrics boards can ask for, including inventory coverage, automation levels, response times, and authentication coverage. Kaushal closes by reframing cyber security as operational readiness and risk management, giving boards a way to govern trust without getting lost in technical detail.