Closing the cybersecurity knowledge gap in the boardroom

Lacework publishes The Modern CISO Network: Board Book to help close the cybersecurity knowledge gap in the boardroom.

Lacework, a data-driven cloud security company, has announced the release of the first edition of The Modern CISO Network: Board Book, which aims to help close the cybersecurity knowledge gap in today's boardrooms.

Security has become a business-critical priority for every organisation, and proposed new rules from the Securities and Exchange Commission (SEC) would require the boards of directors of public companies to disclose which members, if any, have security experience.

Lack of communication with CISOs in boardrooms

A recent Harvard Business Review survey of 600 boardrooms revealed just 47% regularly interact with their company's CISO. That's likely because most boards don't have anyone with the security expertise to speak the CISO's language. According to research from the CAP Group, among Fortune 100 companies, just 51% have directors with relevant cybersecurity experience. The situation is even more alarming in the Fortune 500, where only 9% of boards have directors with a strong understanding of cybersecurity. In the Russell 3000, just 8% of companies have directors with cybersecurity acumen. These statistics underscore the urgent need for organisations to prioritise cybersecurity expertise at the board level to effectively address the evolving threat landscape.

"Cybersecurity goes beyond addressing technical risks. It is an organisational problem that requires business alignment and should be viewed as a strategic imperative," said David Christensen, Chief Information Security Officer, PlanSource. "Including cybersecurity experience at the board level is necessary to overcome the perplexities that often accompany discussions around cyber-risk, allowing boards to ask the right questions and provide the right oversight."

New security regulations

Adding to the urgency, the SEC is expected to enforce new regulations that would require public companies to disclose which board members have security knowledge or experience, along with details about the board's approach to cyber oversight. The SEC published draft rules in March 2022 and is expected to finalise them in the coming months.

"Imagine if a corporate Board had not a single Director who understood how to read and interpret financial statements, or who could recognise that the CFO had overlooked some critical matter that had the potential to bankrupt the company. It is clear how that story would end. Somehow, however, despite all of us recognising that cyberattacks can inflict tremendous damage upon a business, many of today's boards oversee cyber-risk management with essentially the same level of blindness," said Joseph Steinberg, a cybersecurity board member, author, and expert witness.

"Boards need to alter their composition to include Directors who understand cybersecurity at a strategic level, who know how to oversee cyber-risk management and the function of making a business resilient against cyberthreats, and who can help boards appropriately direct and maintain their cyber-risk-oversight focus."
