"CISOs and Board Members View Cyber Risk Through Different Lens"

According to new research recently released by Proofpoint and MIT Sloan, there is a disconnect between the boardroom and Chief Information Security Officers (CISOs) globally when evaluating cyber risk. The report reveals that boards are more concerned about a major cyberattack hitting their company than their top security executives, with 65 percent of board members believing in the risk compared to 48 percent of CISOs. According to Lucia Milică, global resident CISO at Proofpoint, the COVID-19 pandemic, which has resulted in widespread digitization among businesses trying to stay open, has increased the importance of cybersecurity in the boardroom in both temporary and permanent ways. During the pandemic, board members had to focus on operations to ensure the company's survival and smooth functioning. Now that things have calmed down, they have opportunities to address long-term risks, such as cyber threats, and implement appropriate controls, according to Milică. On the contrary, after a year of adjusting to high levels of attack, CISOs are becoming more comfortable with potential threats in remote working environments. The report also finds that while board members and CISOs agree on the top threats facing their enterprises, such as email fraud, cloud account compromise, and ransomware, they disagree on the most serious consequences of a cyber incident. The boardroom considers internal data becoming public, reputational damage, and revenue loss as their top concerns. These concerns contrast with those of CISOs, who are more concerned about significant downtime, operational disruption, and the impact on business valuations. Furthermore, CISOs were deeply concerned about the possibility of employees and other insiders stealing or exposing systems and data, ranking it as the top cybersecurity concern, whereas boardrooms were less concerned. Effective communication is essential for closing the gap between the boardroom and CISOs. This article continues to discuss the findings from the 2022 board perspective report. 

SC Media reports "CISOs and Board Members View Cyber Risk Through Different Lens"