A Third of CISOs Have Been Dismissed “Out of Hand” By the Board
Global CISOs are routinely belittled and dismissed as being overly negative by their board, according to new Trend Micro research highlighting a “credibility gap” within the function.
The security vendor polled 2600 IT leaders with responsibility for cybersecurity to compile its latest report, The CISO Credibility Gap: How a Communication Breakdown in the Boardroom is Hurting Cyber-Resilience.
It revealed that CISOs are failing to win the trust of business leaders. Of those interviewed, 79% claimed they have felt boardroom pressure to downplay the severity of cyber-risks facing their organization.
Of these:
- 43% said it is because they are seen as being “repetitive” or “nagging”
- 42% claimed that they are viewed as overly negative
- 33% have been dismissed “out of hand” by the board
This matters because an unengaged board is less likely to think of cybersecurity in strategic terms. A third (34%) of responding CISOs claimed cyber is still treated as part of IT rather than as a business risk in their organization.
Unengaged or disinterested boards also tend to eschew proactive investments in cyber – leading ultimately to breaches and rash, reactive spend to shore up defenses, the report argued.
Some 80% of respondents claimed that the board would only be incentivized to act decisively on business risk if a breach occurred. They estimated that, on average, a financial loss of £150,000 would be enough to nudge the C-suite into action.
“On the other hand, when they are able to align cyber with business strategy, the benefits are clear,” the report continued. “Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.”
Over two-fifths of respondents said they have been given more budget (43%) and responsibility (45%) as a result, with a similar share (41%) reporting that they’ve been brought into senior decision making.