More than 140 board-ready security leaders are highlighted in the book's first edition
MOUNTAIN VIEW, Calif., June 22, 2023 /PRNewswire/ -- Lacework, the data-driven cloud security company, today announced the release of the first edition of The Modern CISO Network: Board Book. Security has become a business-critical priority for every organization and proposed new rules from the Securities and Exchange Commission (SEC) would require the Board of Directors of public companies to disclose which members, if any, have security experience. Lacework's first edition of the Board Book aims to help close the cybersecurity knowledge gap in today's boardrooms by highlighting more than 140 board-ready security leaders.
A recent Harvard Business Review survey of 600 boardrooms revealed just 47 percent regularly interact with their company's CISO. That's likely because most Boards don't have anyone with the security expertise to speak the CISO's language. According to research from the CAP Group, among Fortune 100 companies, just 51 percent have directors with relevant cybersecurity experience. The situation is even more alarming in the Fortune 500, where only 9 percent of boards have directors with a strong understanding of cybersecurity. In the Russell 3000, just 8 percent of companies have directors with cybersecurity acumen. These statistics underscore the urgent need for organizations to prioritize cybersecurity expertise at the board level to effectively address the evolving threat landscape.
"Cybersecurity goes beyond addressing technical risks. It is an organizational problem that requires business alignment and should be viewed as a strategic imperative," said David Christensen, Chief Information Security Officer, PlanSource. "Including cybersecurity experience at the board level is necessary to overcome the perplexities that often accompany discussions around cyber-risk, allowing boards to ask the right questions and provide the right oversight."
Adding to the urgency, the SEC is expected to enforce new regulations that would require public companies to disclose which board members have security knowledge or experience, along with details about the board's approach to cyber oversight. The SEC published draft rules in March 2022 and is expected to finalize them in the coming months.
"Imagine if a corporate Board had not a single Director who understood how to read and interpret financial statements, or who could recognize that the CFO had overlooked some critical matter that had the potential to bankrupt the company. It is clear how that story would end. Somehow, however, despite all of us recognizing that cyberattacks can inflict tremendous damage upon a business, many of today's boards oversee cyber-risk management with essentially the same level of blindness," said Joseph Steinberg, a cybersecurity board member, author, and expert witness. "Boards need to alter their composition to include Directors who understand cybersecurity at a strategic level, who know how to oversee cyber-risk management and the function of making a business resilient against cyberthreats, and who can help boards appropriately direct and maintain their cyber-risk-oversight focus."
A Directory of Board-Qualified Security Leaders
The Modern CISO Network: Board Book is a directory of qualified senior security leaders that are ready to advise and guide businesses as they navigate the evolving cybersecurity landscape. By creating a diverse network of experienced security leaders, the book aims to elevate the role of the CISO and simplify the process for companies to find the guidance they need to navigate security threats. Lacework will update further editions of the book on an ongoing basis.
The book's first edition includes CISOs from organizations like:
To learn more about The Modern CISO Network: Board Book, visit lacework.com. To submit your board bio for future editions, contact boardbook@lacework.com.
About Lacework
Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization's cloud and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.