Survey: Boards, security executives mismatched on cyber threats
Company boards are struggling to get on the same page with lead security executives on how susceptible their organizations are to cyberattacks, according to a new survey.
Driving the news: Email security company Proofpoint and MIT Sloan School of Management's cyber program released a survey Tuesday detailing how 600 board directors worldwide view the cyber threats facing their companies.
- The survey was conducted Aug. 11–22 this year.
- Respondents came from companies with at least 5,000 employees across a range of sectors, such as tech, manufacturing, financial services and retail.
By the numbers: While nearly seven in 10 board members said they see eye to eye with their chief information security officers on cyber threats, only 51% of CISOs felt the same way.
- 65% of board members worldwide said their organizations are at risk of a "material" cyberattack in the next year, compared to 48% of CISOs.
- In the U.S., that discrepancy was higher: 78% of board members said they're at risk, compared to 34% of CISOs.
- Roughly three in four board members globally also believe their organizations have "adequately invested" in cybersecurity.
- 41% of board members believe business email compromises are the biggest threat to their industry this year, compared to 30% of CISOs.
Why it matters: Competing perceptions of the threat landscape could make it difficult for CISOs to get board members to support their plans for securing their organizations.
The big picture: Regulators are considering placing more pressure on board members to understand company cybersecurity plans after a string of high-profile breaches.
- Under proposed SEC rules, company boards of directors would be responsible for conducting oversight of cybersecurity risks.
Sign up for Axios’ cybersecurity newsletter Codebook here.