cyber trends threats they face : Board members ranked email fraud / Business Email Compromise ( BEC ) as their top concern ( 41 %), followed by cloud account compromise ( 37 %) and ransomware ( 32 %). While email fraud / BEC and cloud account compromise are also among top concerns for CISOs , they view insiders as their top threat , whereas board members rate insiders as a lower concern .
• Awareness and funding do not translate into preparedness : Although 75 % of those surveyed feel their board understands their organisation ’ s systemic risk , 76 % think they have invested adequately in cybersecurity , 75 % believe their data is adequately protected and 76 % discuss cybersecurity at least monthly , these efforts appear insufficient – 47 % still view their organisation as unprepared to cope with a cyberattack in the next 12 months .
• Board members disagree with CISOs about the most important consequences of a cyber-incident : Internal data becoming public is at the top of the list of concerns for boards ( 37 %), followed closely by reputational damage ( 34 %) and revenue loss
( 33 %). These concerns are in sharp contrast with those of CISOs , who are more worried about significant downtime , disruption of operations and impact on business valuations .
• High employee awareness doesn ’ t protect against human error : Although 76 % of those surveyed believe their employees understand their role in protecting the organisation against threats , 67 % of board members believe human error is their biggest cyber-vulnerability .
• The relationship between boards and CISOs has room for improvement : There is a sharp variance in perspective between board members and CISOs : while 69 % of board members report seeing eye-to-eye with their CISO , only 51 % of CISOs feel the same .
• Boards are warming up to regulatory oversight : 80 % of respondents agree that organisations should be required to report a material cyberattack to regulators within a reasonable timeframe and only 6 % disagree .
“ Board members play a key role in their organisations ’ cybersecurity culture and cybersecurity posture ,” said Dr Keri Pearlson , Executive
Director at Cybersecurity at MIT Sloan ( CAMS ). “ Board members have fiduciary and oversight responsibility for their organisations ; therefore , they must understand the cybersecurity threats their organisations face and the strategy their organisations take to be cyber-resilient .
“ Board members need to look for ways to make CISOs their strategic partners . With cybersecurity risk front and centre on boardroom agendas , a better alignment of CISOs ’ and boards ’ cybersecurity priorities will only serve to improve their organisations ’ protection and resilience .” u
Board members need to look for ways to make CISOs their strategic partners . www . intelligentciso . com
21