This year, it’s not the breach that defines a CISO, but how quickly they can explain and contain it — turning inaction into a direct risk to credibility.