Cybersecurity Insights with Contrast CISO David Lindner | 04/18/25

Insight No. 1 — CVE program’s near-death exposes security's single point of failure

The recent near-halt of the CVE program due to funding issues highlights a critical vulnerability in our industry's reliance on single points of failure. While CISA's extension averted an immediate crisis, it exposed the potential for security's foundational elements to be disrupted. As security leaders, we must advocate for more resilient, diversified support systems for essential security programs and proactively address systemic issues like the Common Vulnerabilities and Exposures (CVE) backlog. This situation demands that we revisit our single points of failure, and it reinforces the need for contingency plans to ensure the continued stability of our security ecosystem.

Insight No. 2 — Does your cyber policy have your back?

You've got to really know your cyber insurance policy. Just having one isn't enough. Make sure it's a solid fit for your specific risks, what the regulators expect and what you've promised in contracts. Regular check-ups on your policy are key: Understand exactly what's covered (and what's not), and ascertain that your policy will actually have your back if things go south.

Insight No. 3 — Speak their ROI language to unlock board buy-in for security

When talking to the board, skip the tech jargon and doom-and-gloom scenarios. They want clear, concise updates on the actual business risks we're managing and how our security strategy supports the company's goals. Focus on the ROI of security investments, use metrics they understand (think financial impact) and be upfront about what keeps you up at night – but always with a plan for how you're tackling it. Basically, speak their language, be transparent and show them security is a business enabler, not just a cost center.

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.