This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Hey everyone. I'm Drex and this is the two minute drill. It's great to see you today. Here's some stuff you might wanna know about. I was at a 2 29 CISO Summit this past week with about 15 execs in the room, and at one point we asked a really simple question, what's the single most important KPI for a ciso?

And the answer came back kind of fast. Don't get breached. Fair enough. That's been the bar for a long time, but as the conversation went on, something more interesting kind of surfaced because not getting breached isn't actually the goal anymore, ensuring resilience. Is the new goal. Now, why is that? Well, cyber incidents used to be technical problems.

Today, though more than ever, they're financial events. One breach can trigger disclosure obligations and regulatory scrutiny from both the state and the feds and entrance fights, and a long-term hit, obviously to valuation and trust. And that's when the problem moves out of the IT department, out of the security department and lands squarely on the CFO's desk.

Boards aren't asking what security tools did we buy? Boards are asking what happens to revenue and operations and confidence and our patients and families if systems go down tomorrow. That's not a cyber question, that's a finance question. And regulators are watching more closely, and insurers are demanding proof of modern controls before they'll write policies.

And donors are asking a lot more questions than ever before, before they write a check. And communities are paying attention to not just whether an organization was hit, but how well it absorbed the impact and how well it kept operating. Which brings me back to that KPI breaches are inevitable. Outages happen, people click things.

Third parties who are critical to clinical and business workflow, um, wind up failing and failing us. But resilience is what determines whether a cyber incident becomes a footnote or a financial crisis. Resilience is now clearly part of financial stewardship. CFOs. If one of your closest allies isn't your ciso, you're ignoring an internal partner who can help you be successful.

Security isn't a cost center anymore. It's a revenue protector. It's a patient safety requirement, and the organizations that win won't be the ones that demand no breach as the KPI. It'll be the ones where the CFO and the CISO execute a plan to keep operations running smoothly even when bad things happen.

You can read more on that story and a lot of other stories on healthcare tech and digital innovation and security news at this week. health.com/news. And don't forget, we're the end of the week. I publish a written version of this show. It's called The Two Minute Drill Extra. It's for people who would rather read their podcasts.

It's a collection of all the week's hottest stories and a transcript of this show. I'll put a link in the comments section for all the extra newsletters. I hope you'll check them out. And that's it for today's two minute drill. Thanks for being here. Stay a little paranoid and I will see you around campus.