Forbes: For too long, the cybersecurity industry has relied on hope and hype when it should be focused on demonstrable effectiveness. Massive investments in cybersecurity haven’t translated into confidence for executives, boards or insurers—and CISOs are stuck in the middle.