Ponemon Study: Only 28 Percent of Enterprises Say CEO and Board Approves Acceptable Level of Cyber Risk, Demonstrating Clear Lack of Accountability
Ponemon Institute report demonstrates a lack of accountability, especially on the board and among C-suite executives
According to the findings, the board of directors and senior leadership are not actively engaged in ensuring the effectiveness of their organization’s security strategy. Key data points include:
- 63 percent of survey respondents say their IT security leadership does not report to the board on a regular basis, and 40 percent say they don’t report to the board at all
- 14 percent of respondents say their IT security leadership only reports to the board following a security incident
- Only 28 percent of respondents say the board and CEO determine and/or approve the acceptable level of cyber risk for the organization
- Only 21 percent of respondents say their board and CEO require cybersecurity due diligence in a merger and acquisition process, a critical step to minimizing the potential risk