REUTERS

By Bambi Escalante

CYBER RISK is no longer episodic — it is persistent, stealthy, and accelerating. The widespread use of artificial intelligence by cybercriminals is transforming the threat landscape, enabling faster and more covert attacks that evade traditional defenses. At the same time, growing information technology (IT) complexity — from cloud and hybrid infrastructure to identity and the Internet of Things — has made detection and response more difficult, especially for stretched security teams.

The consequences of a breach now extend far beyond technical disruption. Cyberattacks are resulting in reputational damage, regulatory penalties, data loss, operational downtime, and significant financial impact. In some cases, a single incident has led to leadership accountability, legal consequences, or erosion of customer trust. For business leaders, the question is no longer if an attack will happen, but how prepared their organization is to withstand it.

However, many organizations are still playing catch-up. Fragmented tools, limited visibility, and talent shortages are leaving critical gaps in their cyber defenses. In this high-stakes environment, cybersecurity can no longer be treated as just an IT function. It must be elevated to a boardroom priority, where directors take an active role in driving strategy, investments, and long-term resilience.

While awareness of cybersecurity at the board level is growing, sustained progress requires security leaders to guide that engagement with clear, actionable steps. The following approaches can help translate awareness into strategic commitment and ensure that cybersecurity becomes a long-term business priority led from the top.

1. Align cybersecurity initiatives with board priorities – Security leaders must align cybersecurity strategies with the board’s primary concerns: managing risk and enabling business growth. Cyber initiatives should be positioned as enablers of these objectives to gain board-level backing. For example, when presenting new security investments, frame them in terms of reducing risk exposure, ensuring business continuity, or meeting compliance obligations — each of which protects both revenue and reputation. It’s equally important to demonstrate how cybersecurity can unlock new opportunities. A strong security foundation can enable digital innovation, build customer trust, and support expansion into new markets.

2. Strengthen cybersecurity awareness at the board level – Fortinet’s research shows that a key barrier to cybersecurity progress is the lack of understanding among leadership about where and why to invest. Security leaders should encourage board-level training and briefings to build familiarity with emerging threats, regulatory requirements, and the strategic value of cybersecurity. A more informed board can make smarter decisions, and, by setting the right tone at the top, can help embed a culture of security across the organization. This empowers every employee to play a part in protecting the business.

3. Communicate cybersecurity risks effectively – Cybersecurity is often laden with technical jargon that can hinder effective board discussions. Security leaders must translate threats, risks, and priorities into business language, focusing on outcomes like financial impact, operational risk, and reputational consequences. This clear, outcomes-driven communication enables the board to better assess security posture, allocate resources wisely, and act with confidence.

4. Elevate cybersecurity as a core business priority – To secure ongoing investment, cybersecurity must be positioned as a business enabler, not a budget line item. Frame the discussion around resilience, risk reduction, and strategic advantage. This shifts the conversation from reactive defense to proactive value creation. Long-term commitment from the board — whether in technologies, processes, or skilled professionals — is essential to defend against increasingly covert and coordinated threats.

5. Optimize costs through consolidation and efficiency – Cybersecurity investments must also resonate with broader business objectives like cost efficiency and environmental, social, and governance alignment. Security leaders can highlight how consolidating vendors and platforms simplifies operations, reduces overhead, and strengthens visibility. They can also address the cybersecurity skills shortage by advocating for automation and managed services that allow lean teams to do more with less, while aligning with sustainability goals through more efficient infrastructure.

In today’s hyper-connected world, cybersecurity is not just a technical function — it’s a business imperative that demands leadership from the very top. As threats grow more sophisticated and the consequences more severe, board members have a crucial role to play in shaping a resilient, forward-looking security strategy. With the right insights, clear communication, and strategic investments, organizations in the Philippines can turn cybersecurity into a source of strength — protecting what matters most while enabling innovation, trust, and long-term growth.

 

Bambi Escalante is the country manager of Fortinet Philippines.

RELATED ARTICLESMORE FROM AUTHOR