Cyber hackers around the globe are targeting the high-value and confidential information of U.S. corporations. Companies can no longer ignore the possibility of cyberattacks that lead to massive costs during incident response and damage to the company’s reputation. But are boards of directors stepping up to the plate to help their organizations achieve a stronger cybersecurity posture and defend against these costly attacks?
Our new report, Defining the Gap: The Cybersecurity Governance Study, sponsored by Fidelis, reveals that most boards of directors do not have the necessary knowledge and full understanding of the threats facing their organizations. Only 33 percent of board members in our study report that they are knowledgeable about cybersecurity. As a result, information security professionals do not trust that the board is capable of dealing with cybersecurity governance due to a lack of knowledge and visibility.
We also found a deep divide in the thinking about what constitutes effective governance practices between board members who are in charge of overall company performance and those responsible for stopping data breaches and cyberattacks. Specifically, 59 percent of board members say their company’s cybersecurity governance practices are very effective. In contrast, only 18 percent of IT security practitioners say those practices are very effective.