Tenable Collaborates with Leading CISOs to Develop a Proactive Risk Management Framework for Exposure Management

Singapore, September 22, 2025 — The Exposure Management Leadership Council, a new working group dedicated to the development and advancement of principles, best practices, policies, and frameworks for exposure management, was established today by Tenable® (NASDAQ: TENB), the exposure management company. The Council, which is comprised of Chief Information Security Officers (CISOs) and cybersecurity leaders from prominent global organisations in a variety of sectors, such as insurance, technology, transportation, legal, and consumer packaged foods, is dedicated to the development of exposure management into a widespread proactive security discipline that demonstrates a significant reduction in the cyber exposure of organisations.

The council has published a new report titled “Board meetings and the dreaded cyber risk update: a use case for exposure management,” which summarises the highlights, anecdotes, and insights from the inaugural meeting. The report examines the critical communication divide between security leaders and their boards of directors and proposes a new course of action.

The report identifies a persistent divergence in the boardroom that impedes organisations’ capacity to effectively manage and mitigate cyber risk during a period of increased regulatory scrutiny and exposure. CISOs have historically shared security operations metrics during quarterly board meetings, which have failed to accurately capture and communicate an organisation’s true cyber exposure. This is largely due to the fact that these metrics are derived from disparate, siloed security tools. Consequently, the disconnect exists.

Bob Huber, Chief Security Officer at Tenable and Chair of the Exposure Management Leadership Council, stated, “Exposure management is a strategic driver of organisational success. Our goal is to shift the conversation from endless technical metrics to a strategic discussion focused on risk reduction. A standardised exposure management framework would help CISOs pinpoint their organisation’s most pressing exposures and articulate their potential business impact.”

Joanna Burkey, a corporate director, former CISO at HP and Siemens Americas and member of the Exposure Management Leadership Council, added, “Exposure management can help CISOs bridge the boardroom communication gap. While the fundamental objectives of exposure management are proactive breach prevention and risk mitigation, an added benefit is its potential to transform the quarterly cyber update into a strategic discussion that drives action and outcomes.”

To read the inaugural report, “Board meetings and the dreaded cyber risk update: a use case for exposure management,” please visit this link.