In a survey of 200 IT security professionals at US$5 billion plus turnover companies in the USA, and 151 IT pros from £500 million plus turnover UK organisations, 71 percent of UK respondents considered their corporate board to be cyber-security literate compared to 57 percent of their US counterparts.
Only half of US IT pros said their company's corporate board had a member responsible for cybersecurity compared to 71 percent of the UK respondents.
Nearly a third (32 percent) of US respondents believed the information presented to the board did not accurately represent the urgency and intensity of the cyber-threats targeting their organisation compared to just 13 percent of UK IT pros saying the same thing.
“Cybersecurity is definitely a boardroom issue, and I'm encouraged that more organisations are engaging on this topic,” said Dwayne Melancon, chief technology officer for Tripwire, which today announced the results of the study, conducted by Dimensional Research, on the cyber-security literacy challenges faced by organisations. The study, carried out in May 2015, evaluated cyber-security risk decision-making and communication between IT security professionals, executive teams and boards.
Melancon adds: “However, engaging and doing so effectively are two different things.”
Asked which major security events had the biggest impact on a board's cyber-security awareness, 34 percent of UK respondents said an internal security breach at their organisation, while 74 percent of US respondents said high-profile external breaches, such as Sony Pictures, Target and the Snowden leaks, had the most impact.
Melancon continued, “From my experience, I believe some of the respondents may be overly optimistic about the cyber-security literacy of their boards, which could be a challenge. Fortunately, a good number of organisations recognise that their current approach to depicting cyber-security status falls short of their goal of creating an appropriate sense of urgency within their executive ranks.”