Nearly two-thirds (65%) of board members believe their organisation is at risk of material cyberattack in the next 12 months.
cybersecurity at least monthly, these efforts appear insufficient – 47% still view their organisation as unprepared to cope with a cyberattack in the next 12 months.
• Board members disagree with CISOs about the most important consequences of a cyberincident: Internal data becoming public is at the top of the list of concerns for boards (37%), followed closely by reputational damage (34%) and revenue loss (33%). These concerns are in sharp contrast with those of CISOs, who are more worried about significant downtime, disruption of operations and impact on business valuations.
• High employee awareness doesn’t protect against human error: Although 76% of those surveyed believe their employees understand their role in protecting the organisation against threats, 67% of board members believe human error is their biggest cyber-vulnerability.
• The relationship between boards and CISOs has room for improvement: There is a sharp variance in perspective between board members and CISOs: while 69% of board members report seeing eye-to-eye with their CISO, only 51% of CISOs feel the same.
• Boards are warming up to regulatory oversight: 80% of respondents agree that organisations should be required to report a material cyberattack to regulators within a reasonable timeframe and only 6% disagree.
“Board members play a key role in their organisations’ cybersecurity culture and cybersecurity posture,” said Dr Keri Pearlson, Executive Director at Cybersecurity at MIT Sloan (CAMS). “Board members have fiduciary and oversight responsibility for their organisations; therefore, they must understand the cybersecurity threats their organisations face and the strategy their organisations take to be cyber-resilient.
“Board members need to look for ways to make CISOs their strategic partners. With cybersecurity risk front and centre on boardroom agendas, a better alignment of CISOs’ and boards’ cybersecurity priorities will only serve to improve their organisations’ protection and resilience.”
INTELLIGENTCIO EUROPE www.intelligentcio.com