Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short

Ultimately, the report emphasizes, this reinforces a familiar pattern: Updates effectively explain the current state, but are less effective at preparing directors for what comes next.

Board involvement is critical for cybersecurity

Getting board buy-in is critical, as data and digital capabilities are integral components of business strategy. Risks created by emerging technologies and methods of using data are, as a result, “becoming more impactful on an organization’s health,” said Kakolowski.

In the strongest security-first organizations, CISOs are “deeply aware” of the risks that are most important to the business, and are able to contextualize cyber issues into those risks, he said. “They aren’t getting the board up to speed on cyber issues; they are shaping the cyber agenda around the risks that matter to the board and, implicitly, the broader organization.”


