Accountability for security became clearer once cyber performance showed up in C-suite goals, metrics, and annual incentives. This gave the CISO more influence. Conversations about weak software development, phishing threats, and vendor due diligence hit harder when framed in terms of budgets, bonuses, and brand reputation rather than just technical risk.
As the role evolves, the CISO needs to remain front and center in risk management discussions. There’s an opportunity for more consideration of cyber risk outside of the information security team, just like a lot of financial risk is managed outside of the finance team.
What are your plans in retirement to continue advising companies on staying innovative and strengthening cybersecurity?
Meg Anderson: I’m currently advising a few companies—not through formal engagements, but by mentoring cybersecurity leaders. It’s been incredibly rewarding to help them navigate career decisions and leadership challenges. It’s less about telling them what to do and more about helping them think through the “why” and “how.”
