- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
A Third of CISOs Have Been Dismissed “Out of Hand” By the Board
Global CISOs are routinely belittled and dismissed as being overly negative by their board, according to new Trend Micro research highlighting a “credibility gap” within the function.
The security vendor polled 2600 IT leaders with responsibility for cybersecurity to compile its latest report, The CISO Credibility Gap: How a Communication Breakdown in the Boardroom is Hurting Cyber-Resilience.
It revealed that CISOs are failing to win the trust of business leaders. Of those interviewed, 79% claimed they have felt boardroom pressure to downplay the severity of cyber-risks facing their organization.
Of these:
- 43% said it is because they are seen as being “repetitive” or “nagging”
- 42% claimed that they are viewed as overly negative
- 33% have been dismissed “out of hand” by the board
This matters, because an unengaged board is less likely to think of cybersecurity in strategic terms. A third (34%) of responding CISOs claimed cyber is still treated as part of IT rather than business risk in their organization.
Unengaged or disinterested boards also tend to eschew proactive investments in cyber – leading ultimately to breaches and rash, reactive spend to shore up defenses, the report argued.
Read more on CISO-board alignment: UK Boards Are Growing Less Concerned About Cyber-Risk
Some 80% of respondents claimed that the board would only be incentivized to act decisively on business risk if a breach occurred. They estimated that, on average, a financial loss of £150,000 would be enough to nudge the C-suite into action.
“On the other hand, when they are able to align cyber with business strategy, the benefits are clear,” the report continued. “Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.”
Over two-fifths of respondents said they have been given more budget (43%) and responsibility (45%) as a result, with a similar share (41%) reporting that they’ve been brought into senior decision making.