Research has been undertaken by the University of Oxford and ISTARI across the US, Europe and Asia to understand how CEOs think and feel about cyber security. The research was based on interviews with 37 CEOs from large global companies, 9 of whom had experience of leading companies through major cyber attacks. The research provides a better understanding of how CEOs manage their cyber risk and lessons to be learnt from cyber attacks, finding that:
- most CEOs are uncomfortable making cybersecurity decisions,
- CEOs prefer to talk about resilience than cybersecurity, and
- CEOs place trust in their Chief Information Security Officers (CISOs).
The research concludes by suggesting that this new understanding highlights an opportunity to create stronger working partnerships between CEOs and CISOs. This can be achieved by framing cyber strategy through a resilience lens, and facilitating a transition from blind trust to informed trust, by encouraging independent evaluation and scrutiny.
Read the full research article “We asked CEOs about cybersecurity and resilience: Here’s what Information Security Officers must know” online from the World Economic Forum.