Acuity Risk Management

Short read: CISOs and the board

A new study indicates that misalignment between the board and the CISO on cyber security persists, and that there is wide disagreement on cyber resilience.

“A wide gulf exists between perceptions of corporate board members and CISOs over the abilities of their companies to handle a cyber attack, according to a study by Proofpoint and Cybersecurity at MIT Sloan.

Almost two-thirds of board members said their organizations are at risk of a material cyberattack in the next 12 months, according to the research. By contrast, less than half of CISOs said their organizations were at risk of such an attack.

There are also mixed perceptions regarding how aligned the board is with CISOs. More than two-thirds of board members said they see eye-to-eye with CISOs in their organizations, while only half of CISOs feel the same way about their board members.” Source: Cybersecurity Dive https://bit.ly/3Wx6x71

Disagreement between the board and the CISO on cyber resilience is problematic because, as threat actors continue to grow in frequency and complexity, a ‘united front’ and a centralised approach to cyber risk management are essential.

CISOs and their teams cannot protect their organisations without board support and top-down adoption of risk mitigation strategies. And boards cannot accurately distribute resources and justify cyber security investments without a clear and accurate view of the organisation’s risk profile.

A solution to these key issues is often the adoption of better risk management processes, including switching from spreadsheets to software. You can read more about the benefits of adopting a risk management platform in our whitepaper: https://bit.ly/3sQcv5b
