Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

In boardrooms across America, members are slowly starting to notice the proliferation of cyber-attacks. It is one thing to recognize the danger, quite another to do something about it.

Board members may ask, how does a company's risk profile compare to others? What is a reasonable amount of money to budget for cybersecurity? What about company growth & change? Are there tools to use to approximate risk level?

Today, Ben Scudera from Fortreum jumps feet first and answers the tough questions Ben admits that financial estimates are always difficult, he suggests a typical spend of ½ % - 2% of a company's annual budget for a typical company. If you are in a regulated environment, perhaps one like a hospital or bank, you may need to revise that estimate.

Risk prioritization will have to vary based on the circumstances of each organization. Some start at a weak baseline, others can be quite safe.

Even if you are secure, what happens in the future is your company acquires another? What about drastic growth in sales and plant expansion? How to keep up with new attack vectors?

Ben's goal is to provide an understanding of the threat without any scare tactics. One approach is to use a guideline from Fortreum's Cyberfoundation that includes eighteen metrics. This view allows leaders to prioritize remediation efforts.

He highlights the importance of continuous risk management and education to combat evolving threats like ransomware and phishing attacks.

Here is a link to the guidelines from Fortreum: