A new report from IANS, Artico Search, and The CAP Group reveals that CISO-board interactions are typically limited to 30-minute quarterly sessions, leaving cybersecurity discussions superficial and reactive. Only 30% of boards describe their CISO relationship as strong and collaborative. While boards are generally well-informed on current risks and regulatory trends, roughly half say reporting on AI-driven threats and emerging technologies needs improvement. Fewer than half of boards participate in tabletop exercises or crisis simulations, making oversight more passive than active. Experts recommend CISOs shift from a security-focused mindset to a business-risk mindset, framing cyber issues around what matters most to the board and fostering forward-looking, strategic conversations rather than status updates.
Sort: