40 Percent of Security Practitioners Don’t Report to the Board

63 percent of American security practitioners don’t report to their C-Suite board on a regular basis. In fact, 40 percent say they don’t report at all. Continuous security validation provider AttackIQ, working with the Ponemon Institute, discovered these findings in a survey of 577 IT practitioners. You can read it here.  

AttackIQ and the Ponemon Institute also learned:

  • 69 percent of American security practitioners say their enterprise security focuses on reactions and incidents.
  • 63 percent say their IT security leadership needs better monitoring tools to improve their communication and security infrastructure effectiveness.  
  • 56 percent report their IT security infrastructure suffers from coverage gaps.
  • Only 24 percent of respondents say they have a mature measurement program for their cybersecurity.
  • 40 percent of respondents say they do not qualify and track the company IT security posture at all.  

Some Comments on The Security Practitioners Survey

Representatives from both the Ponemon Institute and AttackIQ commented on the discoveries in their survey. 

First, Larry Ponemon—founder and chairman of Ponemon Institute—shared his thoughts. “Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it sends the message that cybersecurity is not a mission-critical issue.” 

“The board of directors and C-suite typically come under fire when their organization suffers a data breach or other security incident, and therefore must be involved in enforcing a proactive approach to identifying and remediating security gaps.” 

Meanwhile, Brett Galloway—CEO of AttackIQ—offered his comments. “Data breaches and other security incidents continue to plague enterprises, shining a light on the need for companies to shift to a proactive approach to ensuring a strong security posture.” 

You can read more about the security practitioners survey from AttackIQ and Ponemon Institute here. Also, you can read our 2019 SIEM Buyer’s Guide here for more on the top vendors and their key capabilities; our SIEM Vendor Map can provide other crucial data.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.