A Third of CISOs Have Been Dismissed “Out of Hand” by the Board

Written by

Global CISOs are routinely belittled and dismissed as being overly negative by their board, according to new Trend Micro research highlighting a “credibility gap” within the function.

The security vendor polled 2600 IT leaders with responsibility for cybersecurity to compile its latest report, The CISO Credibility Gap: How a Communication Breakdown in the Boardroom is Hurting Cyber-Resilience.

It revealed that CISOs are failing to win the trust of business leaders. Of those interviewed, 79% claimed they have felt boardroom pressure to downplay the severity of cyber-risks facing their organization.

Of these:

  • 43% said it is because they are seen as being “repetitive” or “nagging”
  • 42% claimed that they are viewed as overly negative
  • 33% have been dismissed “out of hand” by the board

This matters, because an unengaged board is less likely to think of cybersecurity in strategic terms. A third (34%) of responding CISOs claimed cyber is still treated as part of IT rather than business risk in their organization.

Unengaged or disinterested boards also tend to eschew proactive investments in cyber – leading ultimately to breaches and rash, reactive spend to shore up defenses, the report argued.

Read more on CISO-board alignment: UK Boards Are Growing Less Concerned About Cyber-Risk

Some 80% of respondents claimed that the board would only be incentivized to act decisively on business risk if a breach occurred. They estimated that, on average, a financial loss of £150,000 would be enough to nudge the C-suite into action.

“On the other hand, when they are able to align cyber with business strategy, the benefits are clear,” the report continued. “Half (46%) of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.”

Over two-fifths of respondents said they have been given more budget (43%) and responsibility (45%) as a result, with a similar share (41%) reporting that they’ve been brought into senior decision making.

What’s hot on Infosecurity Magazine?