
CISOs Risk Getting Fired Over Poor Reporting

Board members are paying attention to the cyber risk information reported to them and many say that cybersecurity executives could lose their jobs if they fail to provide useful, actionable information, a recent survey from Bay Dynamics reveals.

According to the study, 89% of board members surveyed said they are very involved in making cyber risk decisions, while 74% of them said the cyber risk information is provided to them weekly. However, they also say that IT and security executives should be held accountable for presenting quality reports, with 59% of respondents saying security executives will lose their jobs as a result of failing to provide useful, actionable information.

The survey also found that 70% of board members say they understand what IT and security executives tell them in their presentations, but more than half believe the data presented is too technical. 26% of respondents say that cyber risk has the highest priority, while financial, legal, regulatory and competitive risks had scores of 16 to 22 percent.

Based on a nationwide survey conducted by research firm Osterman Research among 125 enterprise executives who actively serve on a board of directors, the report also reveals that there is room for reporting improvements. More than 60% of respondents say they are very satisfied with the typical presentation from IT and security executives, yet 85 percent believe that IT and security executives need to improve the way they report to the board.

Dubbed “How Boards of Directors Really Feel about Cyber Security Reports,” the study (PDF) complements a February report from Bay Dynamics, titled “Reporting to the Board: Where CISOs and the Board are Missing the Mark” and meant to discover how IT and security executives feel about their information reports presented to the board.

While 97% of board members say they have a good idea of what to do with the information IT and security executives present to them, only 40 percent of security executives believe that information is actionable. While 70% of board members say they understand what they are being told, only around 30 percent of IT and security executives believe the board comprehends the information provided to them.

Moreover, while half of board member respondents believe IT and security executives use manually compiled spreadsheets to report cyber security data to the board, 81 percent of the responding IT and security executives admitted to using manually compiled spreadsheets to report data to the board.

“Companies are headed in the right direction when it comes to managing their cyber risk. As our latest report shows, the board is engaged and holding IT and security executives accountable for reducing risk,” Ryan Stolte, Chief Technology Officer at Bay Dynamics, said. “However, more work needs to be done. Part of the problem is that board members are being educated about cyber risk by the same people (IT and security executives) who are tasked to measure and reduce it. Companies need an objective, industry standard model for measuring cyber risk so that everyone is following the same playbook and making decisions based on the same set of requirements.”

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
