Get Out Of The Audit Committee: Why CISOs Need Dedicated Board Time
CSO Online, Thursday, June 5th, 2025
CISOs increasingly need dedicated time with the board, but lack of board knowledge of cybersecurity and inability to translate security into business risk can hamper effective discussions.
Adequate time with the board is in short supply for CISOs and this restricted engagement is leaving organizations unprepared to fully understand and manage enterprise risk. Time for the cybersecurity agenda is often limited to quarterly board committee sessions and annual full boards meetings, according to an Advanced Cyber Security Center report.
In practice, this means most CISOs are only given a 15 to 45-minute slot on a crowded agenda in a board risk, audit or technology committee meeting and similar time at the board's annual meeting.