Telecom Cyberattack Shows That Security Risk Is Operational Risk

The recent attack on U.S. telecommunications networks isn't just a wake-up call. I see it as another example of how cybersecurity failures are now threats to operational integrity and even national security.  

In early October, U.S. government officials confirmed that Chinese hacker group Salt Typhoon breached U.S. telecom companies, including AT&T, Verizon, and Lumen. They got broad access to the networks and general internet traffic. But their major target was the providers’ wiretap systems which the federal government uses to collect intelligence.

When cyberattacks get access to not just one but three of the country’s largest internet service providers – and systems tied to federal wiretaps – we’re seeing firsthand that cyber risk equals operational risk.  

Boards know this. They’re no longer interested in just cybersecurity status updates. They want to see proof that the organization’s security strategy is prepared for the next inevitable breach.  

That’s why today’s security leaders must bring hard data to the table. They have to show how each security effort protects and strengthens the business. Zero Trust principles have never been more crucial in building and protecting these critical infrastructures.

If you’re in charge of a security team, here’s a guide to help you talk in a way that makes sense to the board and show that cybersecurity is a key part of keeping the business strong.

Anchor security in business goals, not security jargon

You can’t connect with the board by diving into the tech. Start with business goals. That’s what boards care about.  

When you start with these goals in mind, security stops being just a checklist and becomes a key part of helping the business succeed. A Zero Trust approach makes this easier by focusing on protecting important assets that are directly connected to business goals, no matter where they are on the network or who is accessing them.

Say the business aims to drive operational efficiency. Don’t pitch your security initiative as, “We need to implement microsegmentation.” Instead, tell the board, “By segmenting our network, we’ll reduce manual security work and minimize downtime which will make our operations significantly more efficient.”

Connect security directly to what the business is trying to achieve and watch the conversation shift. Security becomes a strategic advantage, not just another line item.

A cybersecurity company's board

Prove ROI with tangible, measurable gains

Organizations are pouring billions into security tools. Yet, costly breaches are still happening. IBM’s 2024 Cost of a Data Breach report put last year’s average cost at $4.45 million. Can your organization afford that?

Boards want to know exactly what they’re getting for those investments. A Zero Trust strategy, with their emphasis on a "trust but verify” approach, can provide a clear, measurable path to resilience.

Every security dollar should drive measurable gains. Connect your budget requests to real resilience benefits like better operational continuity, faster response times, or stronger ransomware preparedness. Show how each investment bolsters the organization’s security posture and reduces risk in concrete terms.

This isn’t just about building trust with the board; it’s about ensuring your program’s funding.

Talk about cyber risk as business risk

Security leaders know that cyber risk is business risk. But are we always communicating that to leadership?

Not enough, according to Harvard Business Review. They report that less than half of board members have regular touchpoints with their CISOs. That disconnect costs everyone.

To close the gap between the board and your security team, stop talking tech — start talking impact.

Use a globally validated strategy Zero Trust to give a clear picture of your path towards reducing risk. Then, show how it directly supports the business’s top-line growth and bottom-line protection.

Your goal should be making it easier for business leaders to see security initiatives as contributions to the organization’s resilience and success.

Two cybersecurity professionals talking

Winning cybersecurity buy-in from the boardroom and beyond  

The Salt Typhoon attack on U.S. telecommunications isn’t just another headline. It’s real-world proof that cybersecurity is essential to our operational backbone, business success, and national security.  

This incident underscores a hard truth: Cyber risk is business risk, and it demands a strategic, not just a technical, response.  

This is where a Zero Trust approach becomes indispensable. Zero Trust enables security leaders to translate cybersecurity initiatives into business resilience that business stakeholders understand and value.

With Zero Trust, we’re no longer hoping we’re prepared when the alarm sounds — we’re ensured that we are.

This week, the Zero Trust Hub will feature:

  • An it-daily.net interview with John Kindervag reflecting on Zero Trust’s evolution since 2010.
  • Mario Espinoza's feature in TechCrunch highlighting the critical role of breach containment in modern cybersecurity.
  • The first-ever Illumio World Tour bringing you three cybersecurity education summits this November and February! Join us for exclusive, hands-on learning and expert insights into Zero Trust Segmentation.

Raghu Nandakumara

Head of Industry Solutions

Ready to learn more about Zero Trust Segmentation?

Ready to learn more about Zero Trust Segmentation?