Title: Getting the Most Business Value for Your Cybersecurity Spending (2026 Update)
 

Description: Cybersecurity budgets keep climbing. The question for every CFO is whether each new dollar is buying real protection or just paperwork. This 2026 update walks through Core CR-MAP, the framework I use to grade cybersecurity spend. It is built on Marsh McLennan's research across thousands of real breaches: which 12 controls actually reduce breach likelihood, ranked by signal strength. Network hardening, EDR, and logging and monitoring lead the list. MFA is not where most people assume. Two new threads are woven in this year: how to evaluate vendor risk before it shows up on your balance sheet, and how to read a cyber insurance policy so the coverage actually pays out when something goes wrong. You'll leave with a practical way to grade your current spend and decide what to renew, what to cut, and what to add.
 

Bio: Kip Boyle is the fractional Chief Information Security Officer for several companies. He helps senior decision-makers manage cybersecurity and AI risk so they can keep their focus on what matters most to their business. Kip has served as a Captain with the F-22 program in the US Air Force. In the private sector he was a CISO for an insurance company, credit card processor, bank, credit union, and IT managed service provider. He is the author of the best-selling "Fire Doesn't Innovate: The Executive's Practical Guide to Thriving in the Face of Evolving Cyber Risks," and his next book, "Gears Don't Guess: The Executive's Practical Guide to Thriving in the Face of AI Hype and Risk," publishes in fall 2026 and gives senior decision-makers a concrete playbook for managing AI risk. He co-hosts the popular Cyber Risk Management Podcast with Jake Bernstein, J.D. He lives in Seattle with his wife and six kids.