October 29, 2018 | Tools & Templates | Team Structure and Management
This template is designed to be used to evaluate vendors performing a security program maturity assessment.
73% of organizations say either the CISO or CSO has primary responsibility for briefing board members on cybersecurity, while the CIO is responsible 27% of the time.
Full boards spend relatively little time on cybersecurity. More than half of boards spend only 1-5% of their meetings on cybersecurity, while just 7% of boards spend more than 10% of their meetings discussing security.
When it comes to partnerships between cybersecurity and the board, 64 percent of CISOs say they are in early stages, where the board is largely listening and learning from briefings, or maturing partnerships.