Board And CISO Disconnect on Cybersecurity Preparedness ‘Rings Alarm Bells’ – Expert Comments

By ISBuzz Team
Writer, Information Security Buzz | Sep 11, 2023 03:36 am PST

Proofpoint published its second annual Cybersecurity: The 2023 Board Perspective report and found that almost 75% of board members believe their organizations face a risk of a major cyberattack in the next 12 months, up from 65% the previous year. In addition, 53% of those board members believe their organization is not prepared, a slight increase over the prior year. Meanwhile, 61% of CISOs feel underprepared, up from 50% in 2020.

“That those closest to the action, CISOs, feel even more underprepared should be great cause for concern.

“Still, that board members and CISOs feel largely unable to defend and remediate these all-but-inevitable cyber threats should ring alarm bells,” states the report.

The disconnect is further highlighted by the report’s attention to communication and collaboration between board members and CISOs: just 53% of board members regularly interact with their CISOs, and nearly a third of board members say they see the CISO only as part of a report.

“Growing even stronger board-CISO relationships will be instrumental in the months ahead so directors and security leaders can have more meaningful conversations and ensure they’re investing in the right priorities,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a press release.

Proofpoint’s survey also noted:

  • 70% of respondents agreed that cybersecurity is a priority for their board
  • 70% believe that they have adequately invested in cybersecurity
  • 84% reported believing that their cybersecurity budgets would increase in the next year
  • 60% say malware was listed as the most pressing concern

Experts with Approov and Cyware offer comments:

Professor John Walker, Visiting Professor
September 12, 2023 11:45 am

There has been a disconnect for years, and I am wondering if the CISO is as effective as it should be. In my experience, some such persons lack technical prowess of understanding, and can morph to a more self-serving political animal, than one who is looking over the security factors.
Another issue which I have encountered is Certified CISOs who have uttered fraudulent documentation which has been corroborated by other such persons on a tit-for-tat basis, resulting in two certified parties each of whom backed the other – the most significant example of which is such a person securing the top security job on the NEOM project – that was until he was discovered.
Cyber Security is much more than a lucrative money spinner, and as such critical roles need people with the ability to apply critical thinking.

Emily Phelps, Director
September 11, 2023 11:37 am

“It seems that the real issue here is the engagement of board members – only half the board members surveyed have regular contact with the CISO and much of that seems to be related to understanding their own personal liability – So it would appear that the recommendations around increasing board member understanding and awareness will be the most impactful.”

George McGregor, VP of Marketing
September 11, 2023 11:36 am

“It seems that the real issue here is the engagement of board members – only half the board members surveyed have regular contact with the CISO and much of that seems to be related to understanding their own personal liability – So it would appear that the recommendations around increasing board member understanding and awareness will be the most impactful.”
