The cyber threat landscape has undoubtedly changed dramatically in recent years, as have the threats we face and the attack vectors open to cyber criminals. Consequently, maintaining up-to-date knowledge of how best to protect an organization and where vulnerabilities lie is no easy task.
While the board clearly shouldn’t be expected to have awareness of the latest attack or know the most up-to-date access policy, 71% concede that they have gaps in knowledge when it comes to the main cyber threats facing businesses today, which is a concern.
It’s unlikely that this is going to be corrected, either, given that 18% of CISOs say that the board is indifferent to the security team or actually sees them as an inconvenience. Combined with the fact that one third of CEOs said that they would terminate the contract of those responsible for a data breach, this points to a potentially growing and risky divide between business leaders and those responsible for cyber security.
Ultimately, there has to be cohesion between these two business roles. If the business is to scale and develop, innovate and bring in the latest technologies to make it more agile and competitive, the security team needs to be involved to ensure that this can be done in a safe and secure way. With breaches happening daily and GDPR fines mounting, failing to close this perspective gap is a risk to any organization.
We believe that security vendors have a responsibility to help align these two stakeholder groups. Explaining security in a way that resonates with both the CISO and the board is paramount, particularly given both will be impacted should a company face attack or suffer a breach.
To read more about the disparity between board and CISO opinion, see our full report, Trouble at the Top: The Boardroom Battle for Cyber Supremacy, which can be found here.