Given the high level of security awareness among the general population, convincing a board of directors that information security matters should be an easy task—in theory, at least.
However, company directors have a lot to think about. After the financial crash of 2008–9, sheer commercial survival may have been uppermost in their minds, almost to the exclusion of all else. Spending more money on a potential threat, while real and immediate threats proliferated, might have seemed a less than compelling prospect.
Even in these less frantic times, global competition is intense and few companies have the luxury of spending money without being able to see a tangible return on their investment.
So how does the CISO gain the attention of the board, and how does he or she justify future investments?