How CIOs Should Convey Cyber-Risks to the Board

By Karen A. Frenkel  |  Posted 09-22-2016

Half of IT and security executives risk losing their jobs if they fail to provide useful, actionable information to their company's board, according to a recent study. The report, "How Boards of Directors Really Feel About Cyber Security Reports," also reveals a disconnect between what the board perceives as actionable information and what IT and security executives define as data that can be used to make informed decisions. "Part of the problem is that board members are being educated about cyber-risk by the same people (IT and security executives) tasked to measure and reduce it," says Ryan Stolte, CTO at cyber-risk analytics company Bay Dynamics, which commissioned the study. "Companies need an objective, industry-standard model for measuring cyber-risk so that everyone is following the same playbook and making decisions on the same set of requirements." Osterman Research conducted the study in April. Its 125 respondents are C-level executives, senior executives, vice presidents, or directors/senior directors on either the board of directors of their company, or on the board of another company.

Karen A. Frenkel writes about technology and innovation and lives in New York City.

