4 Signs Your Board Thinks Security Readiness Is Better Than It Is

Published: 22/11/2024   Category: security


Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.



While most boards of directors today consider cybersecurity risks a top concern for the companies they help govern, their true awareness of the threats may not be as good as they think, according to recent results of a Ponemon Institute survey that compared directors' perceptions to those of IT security executives. The study showed that there's a gap between how well the boards believe their charges are doing with security and the perception by security personnel in the trenches working to protect company assets. Here are some indications from the survey that boards of directors (BoDs) may underestimate the cybersecurity risks facing their organizations.
 
Baseline Knowledge Missing
Even though almost three-quarters of directors report that they're charged with overseeing risk assessments and audits at their companies, they may not have the baseline knowledge necessary to really decipher information and capably lead based on these assessments. The survey showed that only 33 percent of board members consider themselves knowledgeable or very knowledgeable about cybersecurity. It's not surprising, then, that while 70 percent of board members say they understand the security risks their organizations face, just 43 percent of IT security personnel believe their boards truly understand the cyber risk landscape.
 
Overconfidence Endemic To Boards
The lack of knowledge allows many directors to maintain somewhat Pollyanna-ish views about their organizations' security readiness. Approximately 59 percent of board members rate their cybersecurity governance practices as very effective. At the same time, only 18 percent of security pros also believe this to be true.
"This finding reveals the deep divide in the thinking about what constitutes effective governance practices between board members who are in charge of overall company performance and those responsible for stopping data breaches and cyber attacks," the report said.
 
BoD Not Informed of Incidents
The disparity between breaches that board members know about versus those that IT security staff have knowledge of hints at a troubling lack of communication between the board and infosec pros.  
Over half of IT security professionals reported that their organizations had experienced a breach involving theft of high-value information in the past two years. That's compared with just 23 percent of board members who believed the same. Furthermore, in many cases, board members are unsure if their organizations have experienced security incidents. About one in five directors say they're uncertain if their organization experienced a cyber attack that disrupted business or IT operations in the past few years, and 18 percent said they were unsure if it experienced a breach involving high-value information.
 
Directors Don't Ask For Security Measurables
While board members recognize the importance of cyber security—89 percent say they recognize the reputational and marketplace impact breaches or security failures pose—they're not asking for enough information from security departments. In fact, only 19 percent of boards use any kind of cybersecurity metrics to keep IT accountable for maintaining an acceptable level of risk for the organization.
