Cyber security pros say boards, CEOs and CFOs don't 'get' cyber security risk

Half of infosec pros believe boards have big gaps in their understanding of cyber risk - or don't understand it at all

Forty-five per cent of cyber security professionals believe their board of directors have a major gap in their understanding of cyber risk, or don't understand the risk at all, according to research by recruitment firm Harvey Nash, who interviewed almost 200 senior cyber security professionals.

This should be a concern to businesses as over half (54 per cent) of boards are ultimately accountable for the cyber strategy in their companies.

But it isn't just the board that has a limited understanding according to many cyber security professionals - the senior executive team have a limited understanding of the cyber risk too; 29 per cent said that their CEO had a limited understanding of cyber risk with some major knowledge gaps.

Thirty-three per cent said the same for the chief operating officer, 41 per cent for the chief financial officer, and 32 per cent for the chief marketing officer.

While there were fewer cyber security pros who said that CIOs and CTOs had a limited understanding of cyber risk issues, the numbers were still perhaps a bit concerning from an IT point of view - 16 per cent of cyber security pros said their CIO had a limited understanding of cyber risk, and 17 per cent said the same for their CTO.

But there was only a minimal amount of cyber security pros who said that CIOs and CTOs had no understanding of cyber risk whatsoever (one per cent and two per cent respectively). The number grows for CEOs (four per cent), COOs (five per cent) and CFOs (eight per cent), with CMOs having the biggest proportion of cyber security professionals suggesting they have no clue at all about cyber risk (11 per cent).

As the number of data breaches in companies is constantly rising, Computing questioned who would be to blame when a company suffers from a data breach, with CIOs having differing opinions on who is ultimately accountable.