Many CISOs feel like they don’t get the proper respect from their board
Many board members do not treat their Chief Information Security Officers (CISOs) with the respect and seriousness they deserve, hurting not only the CISOs themselves, but the organization as a whole.
A Trend Micro study, based on a survey of 2,600 IT and cybersecurity leaders, found that nearly four in five CISOs (79%) say they have been pressured to trivialize the severity of the risks they face.
Of that number, almost half (43%) were told they were “repetitive” or “nagging”. A similar proportion (42%) were described by the board as “overly negative”, while a third (33%) were told they were “getting out of control”.
Higher risk of cyber attacks
Failure to heed the warnings that CISOs regularly issue puts the entire organization at increased risk from cyber attacks and makes the board less likely to think strategically about cybersecurity. A third (34%) of respondents say cybersecurity is still seen as part of IT, rather than a business risk.
Finally, the vast majority of respondents (80%) indicate that their board will only take decisive action in the event of a breach or cyber attack. It would take an attack costing roughly $200,000 to force the board’s hand, respondents suggested.
The report also says there are ways CISOs can improve their position with the board, especially by demonstrating the value cybersecurity brings to the organization: “Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they are viewed with more credibility.”
Greater credibility in itself brings benefits: more budget (43%), more responsibility (45%) and being consulted during high-level decision-making.
Via Infosecurity Magazine