Headlines increasingly highlight the consequences of poor cybersecurity practices. Board members with cybersecurity experience are trying to get their fellow members’ attention on it. And board members want to provide oversight, even though they just don’t have…
Boards that struggle with their role in providing oversight for cybersecurity create a security problem for their organizations.
Even though boards say cybersecurity is a priority, they have a long way to go to help their organizations become resilient to cyberattacks. And by not focusing on resilience, boards fail their companies.
We surveyed 600 board members about their attitudes and activities around cybersecurity. Our research shows that despite investments of time and money, most directors (65%) still believe their organizations are at risk of a material cyberattack within the next 12 months, and almost half believe they are unprepared to cope with a targeted attack. Unfortunately, this growing awareness of cyber risk is not driving better preparedness. In this article we detail several ways companies can begin to develop better cybersecurity awareness.
Board interactions with the CISO are lacking
Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This means that directors and security leaders spend far from enough time together to have a meaningful dialogue about cybersecurity priorities and strategies. In addition, our research found that while 65% of board members think their
organization is at risk of a material cyberattack, only 48% of CISOs share that view. This communication gap and board-CISO misalignment hinders progress in cybersecurity.
Download & read the complete book below 👇👇👇