Security executives and boards of directors still aren’t seeing eye to eye when it comes to cybersecurity reporting, and that’s not the only aspect they have different views on.
While CISOs have earned their “seat at the table,” they aren’t delivering the business-relevant reporting that’s valuable to the board, a major communication issue that’s often discussed and likely tied to the findings in a new study.
According to research by risk management firm Focal Point Data Risk, the two groups have different perspectives when it comes to measuring and communicating risk, assessing the effectiveness of security programs, and the overall value of cybersecurity.
The research involved one-on-one interviews with more than 50 CISOs and security directors, 25 corporate directors, and 10 subject matter experts that work with the two groups.
The findings highlight how each group perceives the other’s roles and responsibilities, as well as their overall stance on cybersecurity within the organization.