Ponemon Study: Only 28 Percent of Enterprises Say CEO and Board Approves Acceptable Level of Cyber Risk, Demonstrating Clear Lack of Accountability

Ponemon Institute report demonstrates a lack of , especially on the board and among C-suite executives

According to the findings, the and senior leadership are not actively engaged in ensuring the effectiveness of their organization’s security strategy. Key data points include:

  • 63 percent of survey respondents say their IT security leadership does not report to the board on a regular basis, and 40 percent say they don’t report to the board at all
  • 14 percent of respondents say their IT security leadership only reports to the board following a security incident
  • Only 28 percent of respondents say the board and CEO determine and/or approve the acceptable level of cyber risk for the organization
  • Only 21 percent of respondents say their board and CEO require cybersecurity due diligence in a merger and acquisition process, a critical step to minimizing the potential risk