DHS held a series of roundtables on cybersecurity with health industry representatives. The industry representatives, all of them Chief Information Security Officers (CISOs) or risk manager equivalents, hailed from a variety of organizations including an academic medical center and research university, a university hospital system, and a medical vendor that provides health care consumer products, pharmaceuticals, and medical devices/technology. Although each presented very different cyber risk management use cases, they shared many of the same challenges while addressing them. They consequently directed their remarks to three principal topics during the roundtable discussions: (1) making the case for cybersecurity investments to senior leadership; (2) incorporating cost/benefit considerations into their arguments; and (3) negotiating the boundary between risk mitigation efforts and risk transfer/insurance options to promote more effective cyber risk management strategies.