The Evolution from Governance, Risk & Compliance to Cyber Risk Governance | A Conversation with John Sapp | Redefining CyberSecurity Podcast with Sean Martin

Guest: John Sapp , VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]On Linkedin | https://www.linkedin.com/in/johnbsappjr/On Twitter | https://www.twitter.com/czarofcyber____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this episode of Redefining Cybersecurity, hosted by Sean Martin, listeners are invited to explore the complex landscape of cyber risk governance. John Sapp, a seasoned professional in risk management, emphasizes the importance of defining cyber risk from the perspective of various executives. The CIO, CFO, COO, and general counsel each own different aspects of risk within an organization, and understanding their perspectives is key to effective risk management.The conversation takes an intriguing turn as John introduces the concept of approaching cyber risk governance as a product. This involves understanding the desired outcomes, defining the requirements, and creating personas for different stakeholders. The aim is to develop a common pane of glass, a unified perspective through which each persona can access near real-time information to make informed decisions.John also underscores the importance of presenting information to various stakeholders, including the board and cyber insurance carriers, in a way that demonstrates the strength of the organization's cyber risk program. This approach has tangible benefits, such as a reduction in cyber insurance premiums based on the strength of the cyber risk program.The episode concludes with a discussion on the importance of collective decision-making in managing cyber risk. John emphasizes that it's not about presenting some information and giving somebody responsibility to make a decision, but rather about presenting information in different ways to all the different personas to spur a conversation so that the team can determine the best path forward.This episode is a must-listen for anyone interested in understanding how to approach cyber risk governance in a way that is both effective and efficient. It provides valuable insights into how to manage risk in an ever-evolving digital world.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____________________________Resources ____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.