How to get to that culture of openness is the problem. In general, Business has no wish to understand Security, that’s what it pays CIOs and CISOs to do. CISOs know and grapple with this problem all the time and the reality is that it will most likely be solved by Security learning to speak Business, rather than Business learning to speak Security.