Many board members do not treat their Chief Information Security Officers (CISO) with the respect and seriousness they deserve, hurting not just the CISOs themselves, but the organization in its entirety.

A report from Trend Micro, based on a survey of 2,600 IT and cybersecurity leaders, found that almost four in five CISOs (79%) said they had been pressured into downplaying the severity of the risks they face.

Of that number, almost half (43%) were told they were being either “repetitive” or “nagging”. A similar percentage (42%) were described by the board as “overly negative”, while a third (33%) were told they were “out of hand”.

Higher risk of cyberattack

Not heeding the warnings CISOs regularly raise puts the entire organization at heightened risk of cyberattacks, and makes the board less likely to think strategically about cybersecurity. In fact, a third (34%) of the respondents said cybersecurity is still seen as part of IT rather than as a business risk.

Finally, the vast majority of the respondents (80%) said their board would only act decisively in the event of a breach or a cyberattack. It takes an attack costing roughly $200,000 to force the board’s hand, the respondents suggested.

The report also says there are ways for CISOs to improve their standing with the board, mostly by demonstrating the value cybersecurity brings to the organization: “Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.”

Higher credibility comes with benefits of its own: more budget (43%), more responsibility (45%), and being consulted during senior decision-making.

Via Infosecurity Magazine