Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Governance

How Boards of Directors Really Feel About Cybersecurity Reports

by Corporate Compliance Insights
June 14, 2016
in Governance
How Boards of Directors Really Feel about Cyber Security Reports

New Report Reveals Majority of Board Members Say Cybersecurity Executives Will Lose Their Jobs for Poor Reporting

Bay Dynamics Unveils “How Boards of Directors Really Feel about Cyber Security Reports”

Bay Dynamics®, a leader in cyber risk analytics, unveiled today a new report that details board members’ perspectives about the cyber risk information reported to them by IT and security executives. The report titled, “How Boards of Directors Really Feel about Cyber Security Reports,” reveals that more than half of IT and security executives will lose their jobs as a result of failing to provide useful, actionable information. It also highlights significant contradictions such as while the majority (70 percent) of board members say they understand everything they’re being told by IT and security executives in their presentations, more than half believe the data presented is too technical.

The report is based on a nationwide survey, conducted by the third party research firm Osterman Research, of 125 enterprise executives that actively serve on a board of directors and receive reports about companies’ cyber security programs. Some of the additional findings include:

  • The board is paying attention: 89 percent of board members said they are very involved in making cyber risk decisions.
  • Cyber risks outweigh other risks: Cyber risks were the highest priority for 26 percent of board members surveyed, while other risks such as financial, legal, regulatory and competitive risks had the “highest priority” scores no higher than 16 to 22 percent.
  • There’s room for reporting improvements: Although more than three in five board members say they are both significantly or very “satisfied” and “inspired” after the typical presentation from IT and security executives about the company’s cyber risk, the majority (85 percent) believe that IT and security executives need to improve the way they report to the board.

The board report complements another report released by Bay Dynamics in February 2016 titled “Reporting to the Board: Where CISOs and the Board are Missing the Mark” which is based on a survey conducted by Osterman Research asking IT and security executives about how they report information to the board. Highlights of comparable data from both reports include:

  • The board says cyber risk information is actionable. IT and security executives say otherwise: While an overwhelming majority of board members (97 percent) say they know exactly what to do or have a good idea of what to do with the information they are presented by IT and security executives, only 40 percent of IT and security executives believe the information they provide to the board is actionable.
  • Board members say they understand, but IT and security executives don’t believe they do: Although 70 percent of board members surveyed said they understand everything they’re being told by IT and security executives in their presentations, only one third of IT and security executives believe the board comprehends the cyber security information provided to them.
  • There’s confusion regarding how cyber risk information is collected: Half of board member respondents believe IT and security executives use manually compiled spreadsheets to report cyber security data to the board. When in actuality, 81 percent of IT and security executives report they employ manually compiled spreadsheets to report data to the board.


Previous Post

The Key to Thwarting Cyber Risk

Next Post

Stopping Spreadsheet Fraud

Corporate Compliance Insights

Related Posts

illustration of executive standing center stage with team in silhouette behind him

COVID-19: Navigating the “CEO Moment”

January 13, 2021
clipboard with silver bow and new year's resolutions list on blue background

New Year’s Resolutions for the Board in 2021

January 11, 2021
PwC: Board Effectiveness – A Survey of the C-Suite

PwC: Board Effectiveness – A Survey of the C-Suite

December 28, 2020
quality level dial set to "high"

Caremark: Even the Highest Standard Can Be Met

December 23, 2020
Next Post
The risk of accounting fraud is real – do you know how to prevent it?

Stopping Spreadsheet Fraud

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights