A recent Forbes article mentions 68% of senior IT professions do not think their boards are being briefed on mitigating controls for cyber risks. I was surprised by the percentage. Either companies are not managing up, or down, or are not doing enough to mitigate cyber risk.
https://www.forbes.com/sites/gilpress/2018/03/15/cybersecurity-by-the-numbers-market-estimates-forecasts-and-surveys/#5b079c3212c4
That’s quite interesting Christie to see this percentage, though I still doubt this to be far lesser, considering that most senior level professionals in organizations do have a keen knack of latest security standards in IT Infrastructure. I see that many companies fail to implement cyber standards either because of cost factors or because of unwillingness to change the existing systems in place. This is bad and I think more than implementation, senior IT professionals should be trained well on the pros and cons of mitigating controls for cyber risks