Is There a Cyber-Security Confidence Gap?
C-level executives don't share the confidence levels of others in the organization that they're giving their board of directors all the information they need to make sound security decisions. While they are confident in their own cyber-security literacy, about a third of C-suite types don't believe boards are being properly equipped to make sound security decisions, and they don't think they have the right tools to accurately present cyber-security risks to the board. Conversely, IT professionals are more confident in the quality of board briefings, but they don't believe board members grasp the topic fully. Such are some of the findings of a recent survey from threat-detection vendor Tripwire, and a spokesman for the company suggested that bridging this risk-assessment gap is critical to reducing the number and scope of breaches. "The reality is that an extremely secure business may not operate as well as an extremely innovative business," said Dwayne Melancon, Tripwire's chief technology officer. "This means executives and boards have to collaborate on an acceptable risk threshold that may need adjustment as the business grows and changes. The good news is that conversations are beginning to happen at all levels of the organization. This is a critical step in changing the culture of business to better manage the ongoing and rapid changes in cyber-security risks." The company surveyed 200 business executives and 200 IT security professionals at large U.S. companies.