Per Ponemon Research - Company BOD and Senior Executives are not Actively Engaged in Ensuring the Effectiveness of Cybersecurity Strategy
The results of this report demonstrate a clear lack of accountability, especially among C-suite executives and boards of directors, and a lack of confidence in determining the efficacy of security technologies. 69 percent of those surveyed view their organizations' security approach as reactive and incident-driven.
The Ponemon Institute research team spoke with over 500 IT and IT security practitioners in the United States who are knowledgeable about their organizations' IT security strategies, tactics, and technology investments. Other information presented in the report includes:
- 63 percent of respondents say their IT security leadership needs better monitoring tools to improve their ability to communicate the effectiveness of their security infrastructure and its potential gaps to the C-suite and board
- 63 percent of survey respondents say their IT security leadership does not report to the board on a regular basis, and 40 percent say they don't report to the board at all
- 14 percent of respondents say their IT security leadership only reports to the board following a security incident
- Only 28 percent of respondents say the board and CEO determine and/or approve the acceptable level of cyber risk for the organization
- Only 21 percent of respondents say their board and CEO require cybersecurity due diligence in a merger and acquisition process, a critical step to minimizing potential risk