When it comes to cybersecurity reporting, CISOs must communicate security risks, priorities and initiatives in the language of business to earn the attention and respect of board directors.
Although new research revealed that the state of cyber resilience is improving — especially regarding executive engagement — there is still room for improvement.
A recent government survey found that 43 percent of U.K. businesses experienced cybersecurity breaches in the last 12 months.
A failure of imagination could cause business leaders to fail to account for predictable cyber risks due to a misperception of the company's incident response capabilities and cyber resilience posture.
Asking the Right Questions: Key Takeaways From the CAQ’s ‘Cybersecurity Risk Management Oversight’ Guidance
The Center for Audit Quality (CAQ)'s "Cybersecurity Risk Management Oversight" guidance outlines key questions that board directors should ask about how the organization addresses risk.
As long as C-suite executives believe that cybersecurity is an IT issue, they will remain disengaged from the solutions and their role in supporting a robust cyber risk management strategy.
Lessons From the Marsh ‘Global Cyber Risk Perception Survey’: Disconnects Persist Despite Increased Executive Involvement
Despite the increased involvement of various stakeholders in risk management, a recent risk perception survey revealed a persistent disconnect between executives and the security function.
The International Standards Organization (ISO) released an updated version of its risk management guidelines to help security leaders engage top leadership in cyber risk decision-making.
According to a recent survey, less than 30 percent of IT security executives said they would be able to prevent ransomware attacks such as WannaCry and Petya.
In the rush to deflect blame in the wake of an insider attack, many organizations fail to answer critical questions that could help them avoid similar cases of employee fraud in the future.