New Study: Board Members Not Watching Security, Business Risks
Linda McGlasson writes on BankInfoSecurity.com:
At a time when risks are high and consumer confidence is low, corporate boards of directors aren't paying nearly enough attention to information security and cyber threats.
This is the key takeaway from a new Carnegie Mellon University CyLab survey [.pdf], which shows that there is a "gaping hole as wide as the Grand Canyon" in board and senior executive oversight of these critical business issues.
The report draws on data from 703 individuals (primarily independent directors) serving on U.S.-listed public company boards. Only 36 percent of the respondents indicate that their board has any direct involvement with oversight of information security. Of those respondents, 22 percent of them are from the financial services industry, where federal regulations mandate board responsibilities.
"The board members and CEO of these companies don't understand that information security governance is really the Grand Canyon and not a crevice," says survey author Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk. "They don't understand that IT risks are corporate risks."