CISO should not be blamed for cybersecurity; the BOD, board members and even every employee are responsible for the security of an organization. The board members should get enough knowledge of security. They should use the experience while making strategies. This is how they can improve their security function within an organization. Employees should be trained about cybersecurity to build an organization more secure.
The board should know what the CISO is doing, and the CISO should know about the board activities. The CISO and the board must work together to set the expectation for CISO to meet.
Given below are four-point that prove the CISO and board relationship is broken
Not presenting to the board
If the CISO is not presenting their report to the board regularly and someone else is doing it for them as a proxy, it means the relationship between board and CISO is not good. CISO should present their report to the full board at least once a year.
Lack of discussion
It is the responsibility of the board to provide effective challenge to the CISO if they fall to do so, how will CISO deal with those challenges. So lack of discussion may lead to security concerns, and this is a sign that the CISO doesn’t have a strong relationship with the board.
Being left out of early conversations
The board members do not trust the CISO, who aren’t frequently connecting with their c-suite colleagues to contribute perspectives on business strategies. If the CISO is not involved in the discussion around strategy upfront, it means the CISO is not relevant enough to be a consultant on risks.
Recommended fixes
The CISO can take various moves to build up the trust themselves and the board members.
Know your company’s risk tolerance
When it comes to risk tolerance within an organization, the board and CISO should find themselves on the same page. If an organization lacks the articulation of board appetite and understanding of risk, then the CISO should work closely with the board to accomplish the goal they have established.
Establish connections
To improve security within an organization, CISO should create a healthy relationship with the board. The board must assist CISO to accomplish their goal. CISO must work beyond their schedule, to determine how to break barriers they have in their board.
CISO needs to communicate with leaders learns their working style ad strategies they have used. C-suite leaders should connect with the board members during the meeting and discuss how to work together to deal with cybercrimes.