A CISO’s Guide to Winning Over the Board During Budget Conversations

As security budget growth lags behind broader IT and operational spending, CISOs are under greater pressure than ever to do more with less. Boards still view cybersecurity as a cost center rather than a driver of operational resilience or efficiency, making them even less inclined to approve large budgets. At the same time, the threat landscape is evolving beyond familiar foes like ransomware to include emerging risks such as AI misuse, third-party vulnerabilities, and quantum decryption security challenges. So how can CISOs make defensible, forward-looking budgeting decisions in an environment of tightening spend and expanding uncertainty? In this session, Chris Wheeler, CISO at cyber risk solutions company Resilience, will share practical strategies for navigating budgeting with confidence. He’ll explore how CISOs can translate technical needs into the financial language boards understand, quantify emerging risks in business terms, and invest wisely in areas that will matter most in the years ahead. Chris’ advice to CISOs will span several areas: Budgeting amid flat growth: What today’s “normal” looks like for security budgets and how to align spend to actual risk. Anticipating what’s next: How to identify and fund emerging risks (from AI and vendor dependencies to quantum readiness) before they appear in compliance frameworks. Building defensible budgets: The best techniques for scenario modeling, tabletop exercises, and risk assessments that justify spend and prepare CISOs for board scrutiny. Speaking the board’s language: How to reframe cybersecurity risks as business and operational risks by connecting security investments to financial outcomes and risk reduction. Attendees will leave with actionable tools to bridge the communication gap with their boards, strengthen financial credibility, and ensure their budgets reflect both today’s and tomorrow’s risks.