For many years, cybersecurity awareness and fear have been walking hand in hand. Basically, if you didn't address cybersecurity, then the big bad hackers would come and get you (and your data, and your bottom line?). It's met with varying degrees of success, and has proved especially tricky when CISO had to demonstrate that the risk was indeed ahead and could not be assessed based on previous experience.
More recently, ANSSI's director Guillaume POUPARD asked the CISO community to stop resorting to fear to promote cybersecurity, but instead to sell it as a strategic asset, fully part of business strategy.
Easier said than done?
Franz Regul, CISO, Société Générale - Oppens