Board members, CISOs mismatched on cyber threats, new survey shows

Company boards are struggling to get on the same page with lead security executives on how susceptible their organizations are to cyberattacks, according to a new survey.

Driving the news: Email security company Proofpoint and MIT Sloan School of Management’s cyber program released a survey Tuesday detailing how 600 board directors worldwide view the cyber threats facing their companies.

• The survey was conducted Aug. 11–22 this year.
• Respondents came from companies with at least 5,000 employees across a range of sectors, such as tech, manufacturing, financial services and retail.

By the numbers: While nearly seven in 10 board members said they see eye to eye with their chief information security officers on cyber threats, only 51% of CISOs felt the same way.

• 65% of board members worldwide said their organizations are at risk of a “material” cyberattack in the next year, compared to 48% of CISOs.
• In the U.S., that discrepancy was higher: 78% of board members said they’re at risk, compared to 34% of CISOs.
• Roughly three in four board members globally also believe their organizations have “adequately invested” in cybersecurity.
• 41% of board members believe business email compromises are the biggest threat to their industry this year, compared to 30% of CISOs.

Why it matters: Competing perceptions of the threat landscape could make it difficult for CISOs to get board members to support their plans for securing their organizations.

The big picture: Regulators are considering placing more pressure on board members to understand company cybersecurity plans after a string of high-profile breaches.

• Under proposed SEC rules, company boards of directors would be responsible for conducting oversight of cybersecurity risks.

Sign up for Axios’ cybersecurity newsletter Codebook here.