Learn more about cyber control.

Frequently Asked Questions
Do we need to hire a CISO to use Hugin properly?
No. Hugin helps you operate with CISO-level structure without needing a full internal security team.

We have suppliers and cloud services everywhere — can we still get control?
Yes. Hugin is a cyber specialist and is not trying to sell you other types of solutions. We help you understand your exposure across SaaS, cloud, and suppliers so you're not guessing.

How can Boards shift cybersecurity from an IT issue to a strategic priority?
Make it a standing agenda item, require regular CISO updates in business terms, and govern cyber risk like financial or legal risk, with clear thresholds and decisions.

How should cybersecurity performance be measured at the Board level?
Track a small set of outcome-based KPIs—detection and recovery times, unresolved critical vulnerabilities, backup restore success, and supplier coverage.

What metrics should Boards use to monitor cybersecurity effectiveness?
Boards should monitor incident detection and response times, number of unresolved vulnerabilities, frequency of security training completion, and compliance status with key frameworks. These metrics translate technical security performance into business risk indicators that support informed governance decisions.

Should cyber oversight reside with the full Board or a dedicated committee?
Cyber oversight can be handled by either the full Board or a dedicated committee, depending on organizational size and complexity. The key is ensuring adequate expertise and regular evaluation to maintain effective governance regardless of the chosen structure.

How often should the Board receive cyber reporting?
Boards should receive updated reporting on cyber exposure and cybersecurity at least quarterly, with immediate notification protocols for significant incidents. Monthly updates may be appropriate during high‑risk periods or following major security incidents that require ongoing oversight attention.

How does cyber strategy align with overall risk tolerance?
Your cyber assessment must map controls and investments to the Board's defined risk acceptance levels and business objectives, with regular reviews to ensure protection levels reflect acceptable disruption and financial loss thresholds.

Cyberspeak is far more complicated than it needs to be

Cybersecurity is filled with acronyms, technical jargon, and complex concepts that can feel overwhelming. We believe understanding your security posture shouldn't require a computer science degree.

Glossary

Business Email Compromise (BEC): Fraud using trusted email identities to trick finance or leadership into sending money or data.
Business Impact: The potential operational, financial, or reputational damage a cyber incident could cause.
Business Continuity: The ability to maintain essential functions during and after a cyber incident.
SMB: Small and Medium-sized Business — organizations typically with fewer than 250 employees, often facing unique cybersecurity challenges due to limited resources and expertise.
Crown Jewels: The few systems or datasets that would seriously damage the business if compromised.
Risk Appetite: The level of cyber risk the company is willing to accept to achieve business goals.
Phishing: Deceptive emails or messages designed to trick employees into revealing credentials or clicking malicious links.
Malware: Any software designed to harm, exploit, or otherwise compromise your systems.
Enterprise Risk Management (ERM): The broader discipline of managing all business risks — cyber is one category that must map to business outcomes.
Insider Risk: Threats from people with legitimate access — malicious, negligent, or compromised.

Markus Færevaag
Founder & CTO