Tactical vs Strategic: CISOs and Boards Narrow Communication Gap
Security News, October 2020
This is the rider in the Boards' willingness to invest - all three of these investment triggers are reactive; that is, they are tactical responses rather than strategic plans.
"The fact Boards mainly approve investments after a security incident or through fear of regulatory penalties for non-compliance," comments Terence Jackson, CISO for the privilege management firm Thycotic, "shows that cybersecurity investment decisions are more about insurance than about any desire to lead the field which, in the long run, limits the industry's ability to keep pace with the cybercriminals."
"One area that I think is key," he said, "is that the communication between the CISO and the executive Board is getting better. In previous research we found that there was a language barrier between the CISO and the Board - the CISO would think very much about fear and doubt and threats and risk and tend to stress that fear factor. However, this report now shows that CISOs are both being listened to, but also getting the follow-through budget. In the past, CISOs and the Board weren't speaking the same language. This report shows that the communication gap between the CISO and the Board is closing."
Joseph Carson is fairly upbeat and positive about how the Boards are beginning to take cybersecurity seriously and fund what is necessary.
There is little in the survey to suggest that boardrooms are ready to support their security teams with longer-term strategic rather than tactical approaches to cybersecurity - and it is the strategic approach that is necessary to thwart the adversaries.