Proofpoint published its second annual report, Cybersecurity: The 2023 Board Perspective, and found that almost 75% of board members believe their organizations face a risk of a major cyberattack in the next 12 months, up from 65% the previous year. In addition, 53% of those board members believe their organization is not prepared, a slight increase over the prior year. Meanwhile, 61% of CISOs feel underprepared, up from 50% in 2020.
“That those closest to the action, CISOs, feel even more underprepared should be great cause for concern.
“Still, that board members and CISOs feel largely unable to defend and remediate these all-but-inevitable cyber threats should ring alarm bells,” states the report.
The report’s attention to communication and collaboration between board members and CISOs further highlights the disconnect: just 53% of board members regularly interact with their CISOs, and nearly a third of board members say they see the CISO only as part of report.
“Growing even stronger board-CISO relationships will be instrumental in the months ahead so directors and security leaders can have more meaningful conversations and ensure they’re investing in the right priorities,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a press release.
Proofpoint’s survey also noted:
- 70% of respondents agreed that cybersecurity is a priority for their board
- 70% believe that they have adequately invested in cybersecurity
- 84% reported believing that their cybersecurity budgets would increase in the next year
- 60% say malware was listed as the most pressing concern
Experts with Approov and Cyware offer comments:
There has been a disconnect for years, and I am wondering if the CISO is as effective as it should be. In my experience, some such persons lack technical prowess of understanding, and can morph to a more self-serving political animal than one who is looking over the security factors.
Another issue which I have encountered is Certified CISOs who have uttered fraudulent documentation which has been corroborated by other such persons on a tit-for-tat basis, resulting in two certified parties each of whom backed the other – the most significant example of which is such a person securing the top security job on the NEOM project – that was until he was discovered.
Cyber Security is much more than a lucrative money spinner, and as such critical roles need people with the ability to apply critical thinking.
“It seems that the real issue here is the engagement of board members – only half the board members surveyed have regular contact with the CISO and much of that seems to be related to understanding their own personal liability – So it would appear that the recommendations around increasing board member understanding and awareness will be the most impactful.”