
In this Help Net Security video, Greg Young, VP Cybersecurity and Corporate Development at TrendAI, explains how to build Enterprise Risk Management that a board will pay for.
Drawing on nearly four decades in cybersecurity, including time as a CISO and 14 years as a Gartner analyst, he argues that boards fund ERM when they can see how risk intelligence improves business decisions, not when someone asks for better governance.
The talk covers how to learn what your board values, whether cost savings, compliance, resilience, or growth, and how to speak in that currency. Young describes turning ERM into a decision system that ties risk to revenue, capital allocation, and concentration. He explains the metrics boards grasp, such as third-party blast radius and dwell time, and stresses honesty about data freshness and confidence. The goal is one combined view of risk that represents the whole business.



