Boards push security heads to minimize cyber risks

May 15, 2024


Security leaders are feeling pressure from boards to downplay cyber risks, leading to a growing ‘credibility gap’. A report by Trend Micro found that 79% of IT leaders have felt pressure to understate cyber threats. Only half of respondents believe their C-suite understands the risks fully. To bridge the gap, CISOs should focus on expressing cyber risks in terms of business value.

Article Summary:

Senior cyber security professionals are facing pressure from boards to minimize the severity of cyber risks, creating a credibility gap between CISOs and boardrooms. A report by Trend Micro revealed that 79% of IT leaders have felt pressure to downplay cyber threats in their organizations.

Among the reasons for this pressure is that boards perceive CISOs as repetitive or negative. Despite their efforts to keep boards updated on potential risks, a third of senior security personnel reported being dismissed by the board.

Furthermore, only half of respondents believe their C-suite fully comprehends the cyber risks facing the organization. As for what would shift these attitudes, 80% of respondents believe that only a serious breach would prompt boards to take decisive action on cyber risks.

To address this issue, CISOs should focus on expressing cyber risks in terms of the business value that cyber resilience can deliver. When security leaders can measure the business value of their cyber security strategy, they are viewed with more credibility and given more responsibility within the organization.

Experts suggest that CISOs often fail to convey cyber risks effectively to boards by relying on technical jargon and statistics. Instead, they should frame cyber risks in the context of wider business risks to justify the level of investment required to enhance cyber resilience.

Ultimately, bridging the credibility gap between security leaders and boards is crucial for organizations to effectively address and mitigate cyber risks.
