Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?
A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close to cyber, it will reach them anyway — at least according to a potential new SEC rule. What should security leaders do?
Cyber knowledge gap
A recent CyberEdBoard report said, “Board members are just not equipped to understand technology. The other side of the problem is that CISOs tend to talk in technical terms and it goes right over the board’s head. We have to figure out ways for CISOs to communicate effectively to the board.”
That might be a generalization as tech savviness increasingly makes its way into the upper ranks of business. However, when only a fraction of CISOs report to CEOs, it raises questions about how companies prioritize security issues.
Meanwhile, the federal government is increasingly concerned about the impact of cyberattacks, for example, on critical infrastructure and government agencies. And the feds are taking action to enforce compliance.
SEC enforcement moves forward
In 2022, the SEC nearly doubled the size of the Enforcement Division’s Cyber and Crypto Asset ..
Support the originator by clicking the read the rest link below.
