More than half of board members are willing to sack security execs for poor reporting
The decisions that board level executives make on cyber security are very dependent on the quality of the reports they receive from front line management.
A new report from cyber risk analysis specialist Bay Dynamics, carried out in conjunction with Osterman Research, looks at how boards of directors see cyber security reports. Among its findings is that 59 percent of board members say that one or more IT security executives will lose their job as a result of failing to provide useful, actionable information.
Cyber risks are a high priority among board members compared to other areas such as financial, legal, regulatory, and competitive risks. 89 percent of board members say they are very involved in making cyber risk decisions and 74 percent say cyber risk information is reported to them weekly.
The results call the usefulness of those reports into question, however. Even though 70 percent of board members surveyed report that they understand everything that they’re being told by IT and security executives in their presentations, more than half (54 percent) agree or strongly agree that the data they're presented with is too technical.
Although more than three out of five board members say they are significantly or very 'satisfied' (64 percent) and 'inspired' (65 percent) after the typical presentation by IT and security executives about the company's cyber risk, the majority (85 percent) of board members believe that IT and security executives need to improve the way they report to the board.
The report's authors conclude, "Boards of directors are built on consistency and demand it to do their jobs. They’re accustomed to a consistent way of measuring an organization. This new cyber risk challenge that they're presented with lacks a standard that they can anchor themselves on to know how they’re performing when it comes to managing cyber risk. This is critically important to solving this problem. By providing consistency in the way security data is compiled -- in a traceable and transparent manner -- then the board can access unbiased metrics to leverage and hold IT and security executives accountable".
You can find out more in the full study, How Boards of Directors Really Feel About Cyber Security Reports, which is available on the Bay Dynamics site.