CISOs Under Pressure: How Security Leaders Can Reclaim Their Seat at the Board Table

"Nearly seven in ten CISOs and CIOs say they've been told to stay quiet about security incidents, a sign of how often the desire for more transparency conflicts with reputational risk management. At the same time, only 64% of CISOs say their boards see eye-to-eye with them on cybersecurity, a sharp decline from 84% last year. This disconnect leaves organizations exposed to the reality of how impactful security incidents are as cyber risks grow more frequent and costly,"
"If boards reduce CISOs to mere cost-center defenders measured only by audits passed, vulnerabilities fixed, or incidents avoided, they are far less likely to heed critical security and GRC recommendations - a stance that creates major, avoidable risk for the organization. One example: 64% of CISOs who were forced to forgo support for a business initiative due to insufficient security funding said the cutback led to a breach or other incident."
Nearly seven in ten CISOs and CIOs report being told to stay quiet about security incidents, while only 64% of CISOs say their boards align with them on cybersecurity, down from 84% last year. Growing breach frequency and costs, with the global average breach exceeding $4 million, heighten organizational exposure. Treating CISOs as cost-center defenders measured only by audits or avoided incidents reduces board receptivity to security and GRC recommendations and increases avoidable risk. Insufficient security funding has been linked to breaches after cutbacks. CISOs must evolve into business-savvy enablers, tie security and GRC to growth outcomes, and use data-driven insights to prove value.
Read at Securitymagazine