It’s astonishing that in a world where cyber crime is becoming one of the biggest risks to businesses, confusion remains as to who is responsible for overseeing cyber security strategies. A recent survey featuring 450 companies across the globe found contrasting opinions. Almost 40 percent of executives surveyed felt it was the responsibility of the board to oversee cyber, compared to 24 percent who believed that a specialised cyber committee should lead on all strategies. However, it’s not only general responsibility that is splitting opinion, but also the specific role of the CISO within an organisation.
One of the biggest problems in cyber security is the lack of effective communication between the CISO and members of the board. Just 8 percent of executives claimed that their CISO or equivalent performs above average in communicating the financial, workforce, reputational or personal consequences of cyber threats to those at the top of the organisation. Unsurprisingly, therefore, under 15 percent of CISOs were given a top rating on a scale of one to ten.
Closing the gap
Board members are primarily concerned with the operational and financial implications of any action that is undertaken. As a result, the current communication gap must be closed for cyber resilience to be adequate. For that to happen, CISOs must be given the tools that can help them quantify and translate the vulnerabilities uncovered from their cyber security maturity assessments. Only then can the board fully understand the budget requirements and offer the necessary meaningful guidance.
Only 30 percent of executives believe they have enough directors who understand cyber risks, which is leading to shortcomings being exposed. Therefore, it’s imperative that the CISO and the board start to work together to change that. The responsibility for cyber security falls on every individual in an organisation, so a sense of collaboration is needed at the top to ensure the same at all levels. Clarity is required for this, and quickly, to repel the growing threat of cyber attacks.