Board members are paying attention to the cyber risk information reported to them and many say that cybersecurity executives could lose their jobs if they fail to provide useful, actionable information, a recent survey from Bay Dynamics reveals.
According to the study, 89% of board members surveyed said they are very involved in making cyber risk decisions, while 74% of them said the cyber risk information is provided to them weekly. However, they also say that IT and security executives should be held accountable for presenting quality reports, with 59% of respondents saying security executives will lose their jobs as a result of failing to provide useful, actionable information.
The survey also found that 70% of board members say they understand what IT and security executives tell them in their presentations, but more than half believe the data presented is too technical. 26% of respondents say that cyber risk has the highest priority, while financial, legal, regulatory and competitive risks had scores of 16 to 22 percent.
Based on a nationwide survey conducted by research firm Osterman Research among 125 enterprise executives who actively serve on a board of directors, the report also reveals that there is room for reporting improvements. More than 60% respondents say they are very satisfied and with the typical presentation from IT and security executives, 85 percent believe that IT and security executives need to improve the way they report to the board.
Dubbed “How Boards of Directors Really Feel about Cyber Security Reports,” the study (PDF) complements a February report from Bay Dynamics, titled “Reporting to the Board: Where CISOs and the Board are Missing the Mark” and meant to discover how IT and security executives feel about their information reports presented to the board.
While 97% of board members say they have a good idea of what to do with the information IT and security executives present to them, only 40 percent of security executives believe that information is actionable. While 70% of board members say they understand what they are being told, only around 30 percent of IT and security executives believe the board comprehends the information provided to them.
Moreover, while half of board member respondents believe IT and security executives use manually compiled spreadsheets to report cyber security data to the board, 81 percent of the responding IT and security executives admitted to using manually compiled spreadsheets to report data to the board.
“Companies are headed in the right direction when it comes to managing their cyber risk. As our latest report shows, the board is engaged and holding IT and security executives accountable for reducing risk,” Ryan Stolte, Chief Technology Officer at Bay Dynamics, said. “However, more work needs to be done. Part of the problem is that board members are being educated about cyber risk by the same people (IT and security executives) who are tasked to measure and reduce it. Companies need an objective, industry standard model for measuring cyber risk so that everyone is following the same playbook and making decisions based on the same set of requirements.”

More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
