In this episode, we sit down with Steven Grossman, CISO / CIO at Standard & Preferred Insurance, as he talks about the challenges small and medium-sized businesses face in securing their environment, especially in view of growing regulatory requirements, and how he brings his enterprise consulting experience to bear in driving change. Steven discusses the unique challenges faced by SMBs—such as limited budgets, smaller IT teams, and a general lack of prioritization around cyber risk—while emphasizing the importance of leadership, education, and investing in the right resources like MSPs and fractional CISOs. The conversation covers the regulatory pressures driving security improvements, the pitfalls of treating cybersecurity as a box-ticking exercise, and strategies for building a resilient risk management culture. Steven also shares his perspective on balancing regulatory burden and genuine security, the dangers of under-resourcing IT, and the reasons why proactive approaches to cyber risk are essential for business continuity and consumer trust.

Steven is a cross-functional cybersecurity and information technology leader with experience working in startup to large enterprise environments. After 2 decades of management consulting with international firms like PwC, smaller boutiques and independently on his own, Steven jumped into the cyber and tech startup ecosystem, bringing to bear his knowledge and experience in cybersecurity, risk management, regulatory regimes, data analytics and business process management. Throughout his career, Steven has also held numerous industry executive positions, including his current role as CISO/CIO of Standard & Preferred and the Graph Group, a Workers Comp insurance carrier based in the NY/NJ tri state area.