Board and CISO disconnect on cybersecurity preparedness ‘rings alarm bells’

Proofpoint published its second annual Cybersecurity: The 2023 Board Perspective report and found that almost 75% of board members believe that their organizations face a risk of a major cyberattack in the next 12 months, up from 65% the previous year. In addition, 53% of those board members believe their organization is not prepared, a slight increase over the prior year. Meanwhile, 61% of CISOs feel underprepared, up from 50% in 2020.

“That those closest to the action, CISOs, feel even more underprepared should be great cause for concern.

“Still, that board members and CISOs feel largely unable to defend and remediate these all-but-inevitable cyber threats should ring alarm bells,” states the report.

The disconnect is further highlighted by the report’s attention to communication and collaboration between board members and CISOs: just 53% of board members regularly interact with their CISOs, and nearly a third of board members say they see the CISO only as part of report.

“Growing even stronger board-CISO relationships will be instrumental in the months ahead so directors and security leaders can have more meaningful conversations and ensure they’re investing in the right priorities,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a press release.

Proofpoint’s survey also noted:

  • 70% of respondents agreed that cybersecurity is a priority for their board
  • 70% believe that they have adequately invested in cybersecurity
  • 84% reported believing that their cybersecurity budgets would increase in the next year
  • 60% say malware was listed as the most pressing concern

George McGregor, VP, Approov, had this to say:

   “It seems that the real issue here is the engagement of board members – only half the board members surveyed have regular contact with the CISO and much of that seems to be related to understanding their own personal liability – so it would appear that the recommendations around increasing board member understanding and awareness will be the most impactful.”

Emily Phelps, Director, Cyware, follows with this:

   “Proofpoint’s report illustrates how important communication and collaboration are across all levels of an organization. The rise in board awareness is a great first step to addressing cyber attacks; ultimately, we want to capitalize on the growing awareness so that enterprises can more quickly get to meaningful action that reduces risk.

   “As the report notes, new technologies pose new security risks, and while new technologies can also aid in security defense, it’s more important to ensure the technologies CISOs and security teams adopt work well together. The more collaborative the tools are, the better organizations can address people, tech, and data silos, making it easier to get the right information to the right people at the right time so organizations can take the right action with confidence.”

Everyone has to be on the same page in order to make cybersecurity work. Otherwise bad things will happen. This survey highlights this fact.
