62% of board members say their organisations are unprepared for a cyberattack
This is despite their belief that they have invested adequately in cybersecurity.
More than six in 10 board members believe their organisations are unprepared for a cyberattack that may occur in the next 12 months, a study by cybersecurity company Proofpoint showed.
This is despite their belief that they have invested adequately in cybersecurity (78%) and that their data is adequately protected (66%).
“Awareness and funding do not translate into preparedness,” commented Proofpoint.
A way to further strengthen an organisation's defence against cyberattacks is solving the disconnect between board members and chief information security officers (CISOs), said Proofpoint.
In Singapore, there is a disconnect between board members and CISOs.
According to the study, board members and CISOs have different concerns about the threats they face.
Whilst board members are most concerned about email fraud/business email compromise (BEC) and ransomware (36%), CISOs ranked distributed denial of service (DDoS) and cloud account compromise as their top two concerns.
The two groups also disagree on what the most important consequences of a cyber incident are.
For board members, reputational damage is their top concern (40%), followed closely by internal data becoming public (38%).
Singaporean CISOs, on the other hand, are more worried about significant downtime, disruption of operations, and loss of current customers.
“Board members need to look for ways to make CISOs their strategic partners. With cybersecurity risk front and centre on boardroom agendas, a better alignment of CISOs’ and boards’ cybersecurity priorities will only serve to improve their organisations’ protection and resilience,” said Keri Pearlson, executive director at Cybersecurity at MIT Sloan (CAMS).