The National Association of Corporate Directors (NACD) published a report titled “2017–2018 NACD Public Company Governance Survey”. Judy Selby did a remarkable write up on this report that can be found here. Of particular importance is the following:
“Twenty-two percent of directors indicated dissatisfaction with the quality of cyber risk information they receive from corporate management. Those directors do not believe that they have adequate transparency into the company’s cyber security problems or that the information they are receiving does not allow for effective internal and external benchmarking.”
What this conveys is a continued challenge experienced in the cybersecurity sector that technical threats are not being translated into business risk. The aspect of being able to benchmark is attainable only if organizations elect to participate in information sharing models, which many do not.