Cybersecurity: The 2022 Board Perspective

Cybersecurity From the Top: The Board Perspective

Not long ago, few boards of directors knew much about cybersecurity risks, let alone took an active interest in the topic. That mindset has changed dramatically in recent years. But as this report shows, we still have some way to go.

Overall, board members are confident they understand the threat landscape, prioritize cybersecurity appropriately and have invested enough to keep their organizations safe. Still, in light of rising rates of cyber attacks and differing and sometimes conflicting opinions among CISOs, this optimism may be misplaced.

Bridging the disconnect is vital. CISOs and the wider board need open lines of communication. But often, boards are relentlessly focused on the bottom line and CISOs mired in technical language. Over time, effective business-first communication gives way to muddled perceptions and misaligned priorities.

At a time when we are more connected and digitally reliant than ever, this board-CISO relationship has never been more important. It has also never been more challenging. To protect people, defend data and ensure continued organizational success, CISOs must communicate effectively with their boards. That means putting threats in perspective, fostering collaboration and driving accountability. At the same time, board members need to work to understand how cybersecurity risks can affect their organizations’ business goals.

To explore the situation further, Proofpoint commissioned a survey of 600 board members at organizations with 5,000 or more employees across 12 countries: the U.K., the U.S., Canada, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil and Mexico. Working with researchers at MIT Sloan’s research consortium, Cybersecurity at MIT Sloan (CAMS)1, we analyzed the responses and summarized the insights. We also compared some of the results to corresponding findings from our recent Voice of the CISO Report. We hope these insights help shine a light on how well CISOs and the wider board understand each other.

This report would not have been possible without the participation of board members around the globe as well as our coauthors and research partners at CAMS. Thank you for your valuable support, insights and feedback.

Lucia Milica, Global Resident CISO at Proofpoint