Modern-Day Cybersecurity Governance: Enabling Cybersecurity from the Top Down


A CISO is responsible for many things in an enterprise. They are in charge of establishing security and governance practices, identifying security objectives, enabling a framework for risk-free business operations, and reporting on cybersecurity to the Board of Directors. To be successful, the CISO needs to communicate effectively with the Board so that it properly understands cybersecurity and risk exposures and provides the resources and funding needed to build out and maintain the security program.

Over the past two years, cybersecurity professionals have had to contend with increasingly dangerous ransomware attacks, the effects of the COVID-19 pandemic, and a changing regulatory landscape. This has not exactly prompted the change that was needed. 

“Things seem to be where they were five years ago,” explained Kevin Powers. “Board of Directors understand that security is not a technical issue, it’s a holistic approach that’s needed to move forward, but we still seem to be where we were five years ago.” 

There is a clear communication gap between CISOs (including other security and risk staff) and the Board….