Almost half (46 percent) of board members believe compliance regulations help establish stronger security, but nearly 60 percent struggle with meeting increased mandates—a nearly 20 percent jump over the past two years, according to a nationwide survey by Osterman Research.
Chasm between intent and execution
Nearly half of the board members surveyed believe that regulations are very sufficient in helping to protect corporate data assets. However, as regulations increase, a growing proportion of companies struggle to satisfy their cyber security mandates.
Nearly 60 percent expressed that mandates are somewhat or very difficult to satisfy, a number that has increased by almost 20 percent from 2014 to 2016.
Knowledge is power
Three out of five board members believe that one or more of their fellow board members should be a CISO or some other type of cyber security expert.
With only one in six board members claiming substantial expertise in understanding the nuances and implications of cyber security issues, that power deficiency is driving a 60 percent belief that one or more board members should be a CISO or some other type of cyber security expert.
The drive to comply
The number one driver of board members making cyber security a top priority is complying with regulatory requirements. In the past two years, there has been an 11-fold increase in the number of organizations citing increased regulation from the government as a driver and a similarly dramatic increase from industry bodies.
Close behind, with a 10-fold increase, were fears of lawsuits and regulatory penalties. Shockingly, these factors drove more reaction and action than the experience of a breach at their own company.
“It is clear that boards understand that they are responsible for setting the cyber risk appetite of an organization. This current report shows that board members want to understand and be actively involved in the cyber risk reduction process. That includes making decisions that drive continuous compliance and going a step further by adding a board member with cyber-specific expertise who speaks the same language as the trusted security executives advising them,” said Ryan Stolte, CTO at Bay Dynamics.