Despite the scale and potential harm from cyber-attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to defend their companies against such attacks. It's not just a problem of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.
"Our country and its businesses and government agencies of all sizes are under attack from a variety of aggressive adversaries and we are generally unprepared to manage and fend off these threats," said Gartner analyst Avivah Litan, a longtime cybersecurity consultant to many organizations.
Litan's worries seem to have reached some quarters of the corporate governance community. The National Association of Corporate Directors (NACD) recently released a survey of more than 600 corporate board directors and professionals that found only 19% believe their boards have a high level of understanding of cybersecurity risks. That's an improvement from 11% in a similar poll conducted a year earlier.
Meanwhile, when an attack does happen, there seems to be an excess of finger-pointing in the C-suite. IT execs disagree with their bosses over who is responsible, and say that a cyber-attack will cost double what the top-level execs believe it will.
There's plenty of blame to go around, as it turns out. Download our free PDF, below, to learn how to communicate better with the execs about cybersecurity, and why that matters.