{"id":29309,"date":"2022-10-04T09:10:09","date_gmt":"2022-10-04T13:10:09","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=506591"},"modified":"2022-10-04T12:52:12","modified_gmt":"2022-10-04T16:52:12","slug":"boards-cisos-often-arent-in-sync-on-cybersecurity-says-survey","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/boards-cisos-often-arent-in-sync-on-cybersecurity-says-survey\/","title":{"rendered":"Boards, CISOs often aren\u2019t in sync on cybersecurity, says survey"},"content":{"rendered":"<p data-ar-index=\"0\">CISOs increasingly brief boards on their organization\u2019s cybersecurity strategies and risk profile. But a new survey of directors suggests sometimes it\u2019s a game of broken telephone.<\/p>\n<p data-ar-index=\"1\">On average, 65 per cent of the board members of large organizations in 10 countries surveyed thought their organization is at risk of a material cyber attack in the next 12 months. By comparison, only 48 per cent of CISOs who were asked a similar question earlier this year thought their firm was at risk of a material cyber attack.<\/p>\n<p data-ar-index=\"2\">On average, 69 per cent of board members thought they see eye to eye with their CISOs. However, only 51 per cent of CISOs thought they see eye to eye with their boards.<\/p>\n<p data-ar-index=\"3\">The numbers were contained in a survey done for Proofpoint <a href=\"https:\/\/www.proofpoint.com\/us\/resources\/white-papers\/board-perspective-report\" rel=\"noopener\">and released Tuesday <\/a>(registration required to view).<\/p>\n<p data-ar-index=\"4\">Six hundred board members in organizations with over 5,000 employees in 12 countries were surveyed. 
The results were compared with survey responses given by CISOs in 10 countries earlier this year.<\/p>\n<p data-ar-index=\"5\">Boards appear to be more confident about their organization\u2019s cybersecurity posture than CISOs are, Lucia Milica, Proofpoint\u2019s global resident CISO, said in an interview.<\/p>\n<p data-ar-index=\"6\">That\u2019s worrisome, she said, because boards have oversight responsibility. \u201cCybersecurity is a business risk,\u201d she pointed out, \u201cand something they need to pay attention to.\u201d<\/p>\n<p data-ar-index=\"7\">A problem, she said, \u201ccould be the ability of the CISO to translate a complex topic like cyber risk into business risk.\u201d<\/p>\n<p data-ar-index=\"8\">Among other troublesome numbers in the report is that 24 per cent of board members surveyed said they don\u2019t talk regularly about cybersecurity. That number is \u201cnot fantastic,\u201d Milica said. By comparison, 21 per cent of board members said they talk about cybersecurity issues once every two to three weeks. Another 16 per cent said it is discussed weekly.<\/p>\n<p data-ar-index=\"9\">The disconnect between boards and CISOs varied by country, where 50 board members in each nation (U.S., Canada, U.K., France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil and Mexico) were interviewed. Some of the questions were the same ones posed in <a href=\"https:\/\/www.itworldcanada.com\/article\/canadian-cisos-more-likely-to-push-prevention-than-detection-to-fight-ransomware-survey\/484731\" rel=\"noopener\">Proofpoint\u2019s Voice of the CISO report released in May.<\/a><\/p>\n<p data-ar-index=\"10\">For example, in Canada 72 per cent of board members agreed their organization is at risk of a material cyber attack in the next 12 months. 
By comparison, only 62 per cent of Canadian CISOs thought that likely.<\/p>\n<p data-ar-index=\"11\">In the U.S., the divergence was sharper: 76 per cent of board members thought their organization is at risk of a material cyber attack in the next 12 months, compared to 34 per cent of CISOs.<\/p>\n<p data-ar-index=\"12\">Canadian CISOs were also wildly more optimistic about their communication with board members; 85 per cent of CISOs surveyed agreed they see eye-to-eye with their boards. By comparison, only 60 per cent of Canadian directors agreed with that statement.<\/p>\n<p data-ar-index=\"13\">Only half of U.S. CISOs thought they see eye to eye with their boards, while 69 per cent of board members agreed.<\/p>\n<p data-ar-index=\"14\">There were also differences in which threats each group sees as the biggest cybersecurity risk to their organizations.<\/p>\n<p data-ar-index=\"15\">Those differences of opinion may reflect the different perspectives each role brings to the organization, the report says. CISOs primarily see their role as keeping attacks from disrupting the business and enabling the business to continue to function despite cyber attacks. Board members represent shareholders and are most concerned with protecting the value of their investments, which can decline when the organization suffers reputational damage or lost revenue. That might explain why, globally, 41 per cent of board members say email fraud (also called business email compromise) is their biggest worry, compared to 30 per cent of CISOs.<\/p>\n<p data-ar-index=\"16\">The report was written by the Cybersecurity at MIT Sloan group in the Sloan School of Management at MIT. 
It concluded that the survey results show there is \u201ca large opportunity for discussion\u201d between boards and CISOs.<\/p>\n<p data-ar-index=\"17\">\u201cThe more the board makes cybersecurity a priority,\u201d the authors add, \u201cthe more other leaders will do the same.\u201d<\/p>\n<p data-ar-index=\"18\">The report recommends boards:<\/p>\n<p data-ar-index=\"19\">\u2013put cybersecurity on the agenda of every board meeting;<\/p>\n<p data-ar-index=\"20\">\u2013have a customized dashboard of relevant cybersecurity metrics made for the board;<\/p>\n<p data-ar-index=\"21\">\u2013participate in corporate cybersecurity tabletop exercises;<\/p>\n<p data-ar-index=\"22\">\u2013regularly meet with cybersecurity leaders to build stronger relationships.<\/p>\n<p data-ar-index=\"23\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/boards-cisos-often-arent-in-sync-on-cybersecurity-says-survey\/506591\">Boards, CISOs often aren\u2019t in sync on cybersecurity, says survey<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On average 69 per cent of board members thought they see eye to eye with their CISOs. 
However, only 51 per cent of CISOs thought they see eye to eye with th<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[15,16],"tags":[669,391,396,510,393,275],"class_list":["post-29309","post","type-post","status-publish","format-standard","hentry","category-leadership","category-security","tag-boards-of-directors","tag-di","tag-postmedia","tag-proofpoint","tag-security-strategies","tag-top-story"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=29309"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29309\/revisions"}],"predecessor-version":[{"id":29312,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29309\/revisions\/29312"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=29309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=29309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=29309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}