Despite board concern about security, CISOs are still not reporting to CEOs


Eighty-two percent of corporate boards are concerned about cybersecurity, but only 14 percent of chief information security officers report to the CEO, according to a survey of 461 IT security professionals by the non-profit IT association ISACA and the RSA Conference.

This gap at the highest levels of corporate management is playing out in an environment where 74 percent of security pros expect a cyberattack this year and 30 percent experience phishing attacks daily, according to ISACA/RSA's State of Cybersecurity study.

A cybersecurity skills gap also poses a threat to enterprise security. The past year saw a 12-point drop in the percentage of security pros who are confident in their team's ability to detect and respond to incidents, from 87 percent in 2014 to 75 percent in 2015. Among those 75 percent, six in 10 did not believe their staff could handle anything beyond simple cybersecurity incidents.

The study also looked at the connections between security risk and two emerging industry trends: artificial intelligence and the Internet of Things. Respondents believe that AI will increase risk in both the short (42 percent) and long (62 percent) term.

More than half of respondents are concerned or very concerned that the Internet of Things will expand attack surfaces and exacerbate cyber risk.

The survey also found a marked lack of situational awareness among professionals who report that cybersecurity or information security is their primary role.
