Published on November 9, 2023, 5:45 am
Cybersecurity is a top concern for organizations worldwide, with boards of directors and chief information security officers (CISOs) taking center stage in mitigating cyber risks. However, a recent report reveals that there is a disconnect between board members and CISOs when it comes to aligning their priorities and perspectives on cybersecurity.
According to the “Cybersecurity: The 2022 Board Perspective” report, a collaboration between Proofpoint and Cybersecurity at MIT Sloan (CAMS), only 69% of board members globally feel aligned with their CISOs. Meanwhile, 51% of CISOs agree that they see eye-to-eye with the board. This misalignment can have serious consequences for organizations’ defense against cyberattacks.
In Singapore specifically, the disconnect between board members and CISOs is even more pronounced. The country ranks 10th out of 12 in terms of board members feeling aligned with their CISOs, with only 44% of CISOs feeling aligned with their board. Despite this lack of alignment, 78% of Singaporean board members believe they have invested adequately in cybersecurity. However, six out of ten still believe their organization is unprepared to cope with a cyberattack within the next year.
One clear area where boards and CISOs differ in their perception of cybersecurity threats is human error. While only 56% of Singaporean board members view human error as the biggest cyber vulnerability for their organization, the World Economic Forum has found that human error leads to 95% of all cybersecurity incidents globally. Boards also downplay insider threats, ranking them second to last on their list of concerns. In contrast, global CISOs consider insider threats, whether malicious, accidental, or negligent, to be the most important issue.
Insider threats should not be taken lightly as they represent a significant vulnerability for organizations. Proofpoint’s “2022 Cost of the Insider” report highlighted that insider threats have increased by 44% in the last two years. More than half of these incidents (56%) were due to negligence, resulting in an average annual cost of US$6.6 million to remediate.
Lucia Milică, Vice President and Global Resident CISO at Proofpoint, emphasized the need for boards and CISOs to be on the same page when it comes to cybersecurity. She stated, “The board-CISO relationship is instrumental in protecting people and data, and each side must strive toward more effective communication and collaborative effort to ensure organizational success.”
A disconnect between boards and CISOs can lead to weakened defenses against cyberattacks. Even though 78% of Singaporean board members believe they have invested sufficiently in cybersecurity and discuss it regularly, 62% still consider their organization unprepared to handle a cyberattack within the next year.
Dr. Keri Pearlson, Executive Director at Cybersecurity at MIT Sloan (CAMS), highlighted the crucial role that board members play in their organizations’ cybersecurity posture. She emphasized that boards should view CISOs as strategic partners and seek better alignment of cybersecurity priorities with them. This will help improve organizations’ protection and resilience against cyber threats.
In conclusion, bridging the gap between boards and CISOs is essential for building strong defense strategies against cyber threats. The board-CISO relationship should be characterized by effective communication, shared understanding of risks, and collaborative efforts towards a cyber-resilient organization. By aligning their perspectives and priorities, boards can empower their CISOs to effectively protect people and data from evolving cyber risks.