Cyber security is now one of the top concerns for boards, yet those board members responsible for owning cyber security risks typically have low levels of understanding. In one study, a majority of board directors said they “only somewhat” understand their company’s cyber security vulnerabilities. Only one-third of IT and security executives believe their interactions with the board reduce organisational risk.
As a result, boards and executives don’t really understand what cyber capacity they need, and their default position is to hire a CISO and let them deal with it. Those who have been burned by a bad hire have no idea what to put in place instead.
We estimate the cost of a bad CISO hire to be at least £7.6 million for a typical large corporation. This figure encompasses average remuneration for the average CISO tenure of 2.3 years, associated hiring costs and an estimate of the budget wasted on unfinished cyber projects.
Boards need independent trusted cyber advisors to help them effectively interrogate all aspects of cyber leadership, strategy and execution.
Savanti’s Board Advisory Service provides access to highly experienced trusted cyber advisors, who can supplement the knowledge and capability of the existing board. Our advisors will provide support and assurance for key decisions such as CISO hiring, major security investments, and strategy & operating model design, as well as helping the board know what questions to ask their CISO.
Additionally, we can provide a mentor to your existing CISO to help develop their capability further and better support your business. This is especially useful when promoting from within rather than looking for new talent in an extremely challenging market.