1920-x-500-Cyber-Board-Level

Cyber Board Level Representation Surges Amid Intensified Regional Conflicts, Headline-Grabbing Cyberattacks, and AI-Driven Threats

Published 6 June 2024

Amid intensified regional conflicts, headline-grabbing cyber-attacks, and the emergence of AI-driven threats, board-level representation for cybersecurity surged 62% in the last 12 months within the US’ critical infrastructure organizations.

The figures are revealed in our new CNI research, which surveyed 521 staff responsible for cybersecurity at US critical infrastructure organizations (encompassing civil aviation, telecommunications, energy, transport, media, financial services and water supply).

In central government, the percentage of organizations with a board-level cybersecurity representative increased massively – by 149% – rising from just 13% last year to 33% this year, reflecting the imperative to improve security in the face of an onslaught of attacks. The urgency to act in central government has steadily increased as threats have grown, whilst further attacks on election infrastructure are likely this year ahead of the presidential election later this year.

Across all critical infrastructure sectors, 36% of organizations now have a Chief Information Security Officer (CISO) or person with cybersecurity responsibilities on their board of directors, compared with 22% last year. Six-in-ten (60%) organizations are currently bringing in such changes, and 17% plan to within the next 12 months.

Chase Richardson, Vice President of Consulting, said: “As critical infrastructure organizations grapple with a challenging and changing environment, it is very welcome to see such a significant increase in board members with responsibility for cybersecurity. Even if the overall level is still too low and a greater sense of urgency is required, the signs are there that cybersecurity is getting the recognition it needs at the top table. The increase in such appointments among central government organizations, for example, shows they are acting on their own advice that organizations must give priority to cyber concerns.

“Threats are proliferating and nation-state activity is more determined and well-resourced, aimed very specifically at our critical infrastructure organizations. Cybersecurity must have a voice at the top table in every organisation as part of a fully-developed strategy that includes technology, human expertise and constant vigilance.”

Our research also found a very significant 64% increase in the percentage of organizations that have aligned their cybersecurity strategy to their business objectives – up from 23% in the 2023 research to 38% this year.

All critical infrastructure organizations must ensure their business initiatives do not jeopardize cybersecurity. Having a senior figure on the board with cybersecurity as part of their job description helps ensure security awareness and best practice are embedded across the organisation.