Why Security Pros Should Provide Useful, Actionable Info to Top Brass
A majority of board directors and top execs said failing to give them useful cyber-risk information would likely lead to security professionals' dismissal.Providing the right type of security reports to company leaders and boards of directors is crucial and could also affect IT executives' careers, according to new research sponsored by Bay Dynamics. More than half (59 percent) of board members indicated that one or more security executives would lose their jobs as a result of not providing useful and actionable information to the board, the report found. Additionally, 34 percent of respondents indicated that a warning would be given for a failure to provide the right information. "[The board] would fire whomever is in charge of presenting cyber-risk reports," Ryan Stolte, co-founder and CTO at Bay Dynamics, told eWEEK. "Oftentimes, that person is the CISO. In some cases, the CIO or CTO reports to the board, which in that case, that person would lose his/her job." In a report published by Bay Dynamics in February, the company surveyed senior IT professionals and found that 40 percent were providing information to the board that is actionable.
Of particular note about the new study, though, are multiple contradictions between responses about understanding about security reports. For example, the study found that 97 percent of respondents indicated that they know what to do with data reported by the security and risk organization. Yet, in response to a different survey question, 85 percent of respondents said that IT and security need to improve the way they report.
"This is a positive finding; it demonstrates the board really is paying attention to cyber-risk and giving it the same, if not more, attention than other risks to the business," Stolte said. "It also shows that cyber-security has come out of the 'techie' corner and it is no longer an isolated task that only the IT and security team manages." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.