Boards Are Having the Wrong Conversations About Cybersecurity

Boards that struggle with their role in providing oversight for cybersecurity create a security problem for their organizations. Even though boards say cybersecurity is a priority, they have a long way to go to help their organizations become resilient to cyberattacks. And by not focusing on resilience, boards fail their companies.


We surveyed 600 board members about their attitudes and activities around cybersecurity. Our research shows that despite investments of time and money, most directors (65%) still believe their organizations are at risk of a material cyberattack within the next 12 months, and almost half believe they are unprepared to cope with a targeted attack. Unfortunately, this growing awareness of cyber risk is not driving better preparedness. In this article we detail several ways companies can begin to develop better cybersecurity awareness.


Board interactions with the CISO are lacking


Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This means that directors and security leaders do not spend nearly enough time together to have a meaningful dialogue about cybersecurity priorities and strategies. In addition, our research found that while 65% of board members think their organization is at risk of a material cyberattack, only 48% of CISOs share that view. This communication gap and board-CISO misalignment hinder progress in cybersecurity.


Our findings suggest that the CISO-board disconnect is exacerbated by their unfamiliarity with each other on a personal level (they do not spend enough time together to get to know each other and their attitudes and priorities in a productive way). Also contributing to this disconnect is the CISO’s difficulty in translating technical jargon into b ..
