Board members, CISOs mismatched on cyber threats, new survey shows


Data: Proofpoint; Note: Respondents could select multiple options; Chart: Axios Visuals
Data: Proofpoint; Note: Respondents could select multiple options; Chart: Axios Visuals

Company boards are struggling to get on the same page with lead security executives on how susceptible their organizations are to cyberattacks, according to a new survey.

Driving the news: Email security company Proofpoint and MIT Sloan School of Management’s cyber program released a survey Tuesday detailing how 600 board directors worldwide view the cyber threats facing their companies.

  • The survey was conducted Aug. 11–22 this year.
  • Respondents came from companies with at least 5,000 employees across a range of sectors, such as tech, manufacturing, financial services and retail.

By the numbers: While nearly seven in 10 board members said they see eye to eye with their chief information security officers on cyber threats, only 51% of CISOs felt the same way.

  • 65% of board members worldwide said their organizations are at risk of a “material” cyberattack in the next year, compared to 48% of CISOs.
  • In the U.S., that discrepancy was higher: 78% of board members said they’re at risk, compared to 34% of CISOs.
  • Roughly three in four board members globally also believe their organizations have “adequately invested” in cybersecurity.
  • 41% of board members believe business email compromises are the biggest threat to their industry this year, compared to 30% of CISOs.

Why it matters: Competing perceptions of the threat landscape could make it difficult for CISOs to get board members to support their plans for securing their organizations.

The big picture: Regulators are considering placing more pressure on board members to understand company cybersecurity plans after a string of high-profile breaches.

  • Under proposed SEC rules, company boards of directors would be responsible for conducting oversight of cybersecurity risks.

Sign up for Axios’ cybersecurity newsletter Codebook here.



Source link