How CIOs Should Convey Cyber-Risks to the Board

 
 
By Karen A. Frenkel  |  Posted 09-22-2016

Boards of directors expect less technical and more actionable information from IT and security executives in order to assess how cyber-risk is being addressed.
  • Board Members Involved in Security

    89% of board members say they are very involved in making cyber-risk decisions, indicating that the analysis and communication of security metrics by IT and security executives is critically important to cyber-risk reduction.
  • Inactionable Security Information Means Job Risk

    59% of board members say one or more IT security executives will lose their jobs if they don’t provide useful, actionable information. 34% said they would warn that improvement is necessary.
  • Cyber Risk in the Spotlight

    26% of board members say cyber-risk is the highest priority, whereas other risks—financial, legal, regulatory and competitive—are the highest priority for up to 22% of respondents.
  • What Data Really Is Actionable?

    Although 97% of board members say they know exactly what to do, or have a good idea of what to do, with data reported by security and risk organizations, two out of five board members don't believe risk decreases because of input from IT and security.
  • Data Is Too Technical

    Even though 70% of board members say they understand everything IT and security executives say, 54% agree, or strongly agree, that data presented to them is too technical.
  • Board Satisfaction After Presentations

    65% of board members are significantly or very satisfied and inspired after IT and security executives' presentations about the company's cyber-risk.
  • But Presentations Need to Improve

    85% of board members believe IT and security executives should improve the way they report to the board.
  • Top Three Items the Board Wants

    The top three items boards want from IT and security executives are: clearly worded reports that do not require board members to be cyber-experts; quantitative information about cyber-risks; and progress that has been and is being made to address the company's cyber-risk.
  • Boards Favor Consistency

    Boards demand consistency to measure an organization, but cyber-risk lacks a standard. They want an anchor so they can assess how cyber-risk is being managed.
  • What IT and Security Executives Can Do

    Providing consistency in how security data is compiled—in a traceable and transparent manner—helps the board assess unbiased metrics to leverage and hold IT and security executives accountable.
 

Half of IT and security executives risk losing their jobs if they fail to provide useful, actionable information to their company's board, according to a recent study. The report, "How Boards of Directors Really Feel About Cyber Security Reports," also reveals a disconnect between what the board perceives as actionable information and what IT and security executives define as data that can be used to make informed decisions.

"Part of the problem is that board members are being educated about cyber-risk by the same people (IT and security executives) tasked to measure and reduce it," says Ryan Stolte, CTO at cyber-risk analytics company Bay Dynamics, which commissioned the study. "Companies need an objective, industry-standard model for measuring cyber-risk so that everyone is following the same playbook and making decisions on the same set of requirements."

Osterman Research conducted the study in April. Its 125 respondents are C-level executives, senior executives, vice presidents, or directors/senior directors on either the board of directors of their company, or on the board of another company.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
