Although recent research by Baydynamics shows that 89% of board members say they are very involved in making cyber risk decisions, digging a little deeper into the statistics suggests the situation is not as rosy as that headline figure implies.
The research shows that:
- 60% of IT/security execs believe that the information they provide to the board does not contain actionable information.
- 59% of board members say an IT executive’s job is at risk if they do not provide useful and actionable information.
- Less than 40% of IT execs believe that risks are reduced as a result of their conversations and reports to the board.
- Only 12% of IT execs provide weekly security reports and 26% report monthly.
- 70% of board members say they understand the security information that’s being presented to them, yet only a third of security executives believe that to be true.
- While the majority of board members say they understand everything they’re being told by IT and security executives in their presentations, more than half believe the data presented is too technical.
Lack of effective communication and explanations
Taken together, these figures show that IT security executives are not effectively communicating the right information about their cyber risk exposure to their boards, nor are they explaining what the data means and what action the board should take to protect the organisation from those risks.
74% of boards want to understand cyber risk reports
Given that 74% of IT execs believe their boards want reports in understandable language that does not require board members to be cyber security experts, it is essential that security executives focus on improving their cyber risk reports.
IT Governance’s three-day Cyber Health Check combines on-site consultancy and audit, remote vulnerability assessments and an online staff survey to assess the organisation’s cyber risk exposure and identify a practical route to minimise those risks.
The health check provides you with a concise report describing your current cyber risk status and critical exposures, and draws on best practice, such as ISO 27001 and Cyber Essentials, to provide recommendations to reduce your cyber and compliance risks.
In addition – and importantly – the service will help you to identify and understand how to transform your organisation’s cyber security stance, enabling you to implement the best possible solutions for your budget and business requirements.
Find out what a Cyber Health Check ought to look like.