A new survey reveals that board members tend to feel good about their company’s cybersecurity policy, but that many are still unprepared to face a cyberattack.
The study from Proofpoint surveyed over 650 board members across 12 countries and finds that 73 percent believe cybersecurity is a high priority for their board, 72 percent feel their boards understand the threats they face, and 70 percent agree they have adequately invested in resources.
However, 73 percent of board members believe their company is at risk of a major cyber attack in the next 12 months — up from 65 percent in 2022. In addition 53 percent report that their companies are unprepared to cope with a targeted attack, up from 47 percent last year.
Concerns about emerging tech such as generative AI are a factor too, with 59 percent of survey respondents believing that generative AI tools like ChatGPT are a security risk for their business.
The study also looks at how board members work with their CISOs. 53 percent of directors say they interact regularly with their security leaders. That’s up from 47 percent in 2022. But there’s still room for improvement. Less than two-thirds (64 percent) of board directors agree that they understand cybersecurity issues well enough to have an informed discussion with their CISO.
65 percent of board members report seeing eye-to-eye with the CISO. A finding which aligns with an earlier Proofpoint report published in May which found that 62 percent of CISOs surveyed agreed that their board sees eye-to-eye with them on cybersecurity issues.
The report’s authors conclude, “Ultimately, security leaders and their fellow board members are united by a shared objective — ensuring the long-term success and stability of their organisation. But to achieve this aim, the board must be willing to support CISOs as they deliver the business-focused strategy and insight needed to respond to the cyber challenges of today — and tomorrow.”
The full report is available from the Proofpoint site.
Image credit: AndrewLozovyi/depositphotos.com