Featured

Blogs

How to Sell Data Security to a CISO: Think Like One First

17 Jun 2026

XConnect Blog1

Knowing how to sell data security to a CISO starts with understanding what actually keeps them up at night and this is rarely the conversation channel partners open with, XConnect set out to solve that. Exclusive Networks brought together the UK’s top security leaders to give the channel something more useful than your typical powerpoint presentation. Real perspective, from people who’ve actually lived the role.

The theme: Think Like a CISO.

First, Understand Why Data Is the Target

Dave Sheridan, former Global CISO for a major investment bank, opened with a story worth hearing.

Bank crime has evolved over the last fifty years. We’ve gone from armed robbery to cash-in-transit attacks to ATM skimmers. With every new route to crime blocked in turn. The attackers kept hitting walls.

So they changed their target.

They wised up and went, ‘Banks have got so much data, and there’s more value in data than there is in cash, because I can monetise every piece of data.'

That’s when the CISO role was born.

Adam Williamson, UK Country Manager at Exclusive Networks, was direct.

None of those technologies are there to secure anything but data. Data’s always been at the crux of our business. Data is the most important asset that any organisation has.

The numbers are huge. Global cybercrime is forecast to cost $10.5 trillion this year alone, by 2028, the world will generate 209 zettabytes of data and every 11 seconds, somewhere in the world, a new ransomware attack launches.

The more data there is, the bigger the target gets. And the pressure on security leaders just keeps growing with it.

How to Sell Data Security to a CISO: The Challenges You Need to Understand First

The CISO isn’t just thinking about threats. They’re juggling ownership, risk, regulators and board communication. All at the same time, all of the time.

Dave named one challenge that never really gets fixed: nobody fully agrees on who owns data.

Who’s responsible for data? I don’t know. Who’s respon… Ah, it’s the CISO’s responsibility. No, it’s my job to protect the business. Am I responsible for the data? Oh, no, it’s the CEO and the chief data officer. Is it? They’re just structuring how we’re using the data. No, it’s the business owner.

If the CISO doesn’t own the data decision, the conversation you need is broader than the one you’re probably having. Then there’s ransomware. Modern attackers don’t just steal data they also encrypt what’s left too. And if your backup is sitting on the same compromised network, you’ve got a very serious problem very fast.

“Have you got a third copy of the data anywhere?” “No.” “Okay. Hmm. That’s another issue then.”

Stuart Seymour, Group CISO of Virgin Media O2, spent the past year building a “minimum viable company” to avoid that debate during an actual crisis event. The findings actually surprised people.

From my own personal opinion, I found out some really curious things. One being that it’s not the immediate systems that one might expect which would be the ones we would recover first. For example, payroll might have a 30 day window within it depending on the timing of the incident. One of the first things that should be recovered, can anyone guess? The ability to get onto the network and authenticate. Without it there’s trouble.

Paul Colnan, CISO at NewDay, was responding to a question: how do you actually prove you can recover from a data incident, not just in theory but for real?

His answer set a clear bar for what he expects from partners:

Don’t just say, ‘I've backed up that data you said you need,' but let's rebuild the thing in a new region. Let's see that it does perform to the SLAs the business needs. That's the detail I'd love to get into.

Backing data up is the easy part. Proving you can get a business back on its feet, within the timeframes it actually needs, is something most partners never talk about.

Think Like a CISO.

Dave was direct about what most partner conversations look like from his side.

Don’t turn up and go, ‘Hey, I’ve got this new ransomware product. I’ve got this new XDR.’ So what? I’ve got a stack of them already.

The thing is, you might work through five different people before you ever get to a CISO. If at that point you come in unprepared, you’ve already lost them.

“If you can bring me something that’s going to help me make my life easier, I’m going to listen to you. If you’re just going to try and sell me a product, another agent to stick on the stack, I’m going to go, ‘No, thanks.’”

So the message was, do the research first, understand the business and find the real problems before you walk through the door.

Another example is Stuart’s team built a tool to put risk “in a pounds and pence level” for the board. They called the unit “lemons” to take the emotion out of the number. A CISO inventing a fake currency just to get a board to engage is a gap partners could help close.

Paul put it simply:

A lot of time I get sold products, and I think, ‘I don’t have that problem.’ Just, come and listen to what we’ve got to say. What our struggles are and then you can fit your solution in to work with us.

The Best Job and Worst Job in the World

Dave closed with - “This is the best job and the worst job in the world.”

Stuart was clear. - “Are you secure? My answer is never and I’ll never be. Are you resilient? Well, that’s another conversation.”

A CISO is never fully secure. They manage risk, but they never eliminate it. The overarching message of the day was to stop selling security as a finish line. Start helping them build resilience, the ability to recover faster, prove value to a sceptical board, and maybe sleep a little better on a Sunday night.

That’s a harder sell than a feature list, but it’s the only one worth making. Think like that, think like a CISO and you might just get a second meeting.

Want to go deeper? Watch highlights from the XConnect Data Security event featuring insights from our CISO speakers.

Latest blogs

View all blogs

Featured

Blogs

Why Continuous Assurance Is the New Standard for Data Security

19 Jun 2026

Featured

Blogs

Data Storage Security: Why the Storage Layer Is The Biggest Unprotected Gap

18 Jun 2026

Featured

Blogs

How to Sell Data Security to a CISO: Think Like One First

17 Jun 2026

Featured

Blogs

Buzzing for Biodiversity: Our Hive Partnership with Softcat

19 May 2026

Featured

Blogs

Five Reasons to Get Your Team on the Pitch — Exclusive Networks Charity Football Tournament 2026

14 Apr 2026

Featured

Blogs

Growing Together: How Exclusive Networks is Putting Purpose into Practice

11 Mar 2026

Start growing your business

Whether you need a quote, advice, want to become a partner, or want to take advantage of our global services, we are here to help

Get in touch
close icon
< Back

Cookies on the website

Accept Customise
Accept All Reject All
Required

Category: Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Category: Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Category: Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Exclusive Networks and it’s subsidiary companies including but not limited to Exclusive Networks, use cookies on their websites to service our visitors in accordance with this cookie notice. You may find out more about this below.

Cookies Notice

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device.

Use of Cookies 

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Functionality cookies

These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences, for example, your choice of language or region.

Analytical or performance cookies

These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users find what they are looking for easily.

Targeting cookies

These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Terminology to help you understand cookies

 
First and Third-party cookies

First-party cookies are cookies set by our website, i.e. the website displayed in your URL window.

Third-party cookies are cookies that are set by a domain other than our website. We may use third parties’ cookies and these third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. Please see our cookies table for more information.

Session and Persistent cookies

Session cookies are cookies which expire once you close your web browser. Persistent cookies are cookies which stay on your device for a set period of time or until you delete them. Please see our cookies table for more information.

Cookies control and disabling cookies

You can manage cookies by changing settings in cookies consent banner while you visit our websites for the first time or at any time using “Manage cookies” button in the left down corner of the website. You can also change your browser settings, so cookies from our websites cannot be sent and stored on your device. However, if you block certain cookies, such as strictly necessary cookies for the functioning of our website, you may not be able to access all or parts of our website.

You can use your browser to delete cookies that have already been stored. However, the steps and measures required vary depending on the browser you use. If you have any questions, please use the Help function or consult the documentation for your browser or contact its creator for support.

To find out more about cookies, visit www.aboutcookies.org  or www.allaboutcookies.org.

Contact 

If you have any queries concerning our use of your personal information, please email marketing@exclusive-networks.com.

Cookies table

Update consent preferences

 

Close > View cookie policy
close icon