Changing cybersecurity risk language - AWS Prescriptive Guidance

Changing cybersecurity risk language

Part of the challenge of adopting positive risk for cybersecurity is that the technical and domain-specific terminology is focused on negative risk, such as threats, vulnerabilities, and security controls. The cybersecurity industry must evolve and expand its vocabulary to include language that emphasizes the positive business outcomes (or positive risks) that cybersecurity brings to the business. Terms such business advantage, benefits, and business value highlight cybersecurity’s contribution to the organization.

Changing the language of cybersecurity helps change the perception that cybersecurity is a technology area focused exclusively on threats and vulnerabilities and that it is untethered from the business. Business leadership commonly underestimates the contribution of cybersecurity to positive business outcomes. For more information about the perception of cybersecurity by leadership, see Promoting positive outcomes.