The GC, with their comprehensive understanding of the organization's values, culture, and priorities, can provide a holistic view that the CISO might not possess. On the other hand, the CISO, with their technical expertise, can help the GC comprehend the intricacies of cyber risk. Together, they can craft a cybersecurity strategy that aligns with the organization's risk tolerance and objectives.

Anthony J. Ferrante, a senior managing director and global head of cybersecurity at FTI Consulting, likens cybersecurity to physical security, emphasizing that it is a form of risk management. He believes that the GC should lead the efforts to shape how the organization perceives, assesses, and addresses risk

The GC and CISO can also facilitate layered conversations about cybersecurity. For instance, they can discuss how long it takes to patch a critical vulnerability, a common issue that organizations face. They can also determine whether patching is being appropriately assigned based on the organization's risks and whether the right resources are being prioritized.

The GC can also foster a task-force mentality to tackle cyber risk, involving stakeholders from across the organization, and even outside it, in the cybersecurity and incident response plan. This approach ensures a comprehensive view of potential risks, keeping pace with the evolving tactics of threat actors.

Creating a culture of trust and transparency is another crucial aspect of cybersecurity. Sonia Cheng, who leads the EMEA information governance privacy and security practice at FTI Consulting, emphasizes the importance of encouraging employees to communicate concerns without fear of reprisal. This culture should extend to the board and upper management, promoting honest and open conversations about the risks they face and how to mitigate them.