According to the Boardroom Cyber Watch Survey 2014, 32.5 per cent of boards do not receive any information about their organisation’s cyber security posture or activities.
Of the 55 per cent that do receive regular reports, 19 per cent receive reports only annually. “Many boards remain in the dark about security issues, and show no interest in addressing them,” said Neil Ford of IT Governance.
“It’s astounding that nearly a third of boards know nothing – and want to know nothing – about the security of the information their organization collects, holds, and processes.”
The study also found that 29 per cent of respondents said fear of retribution discouraged their IT department from disclosing details of cyber breaches to top management. Also, 51 per cent of those surveyed say they accept the inevitability that some attacks will be successful and that their objective moving forward is to achieve a state of ‘cyber resilience’ in order to minimise successful attacks and to recover quickly when breaches are suffered.