A Minority of CISOs Display the Required Characteristics for Cybersecurity Board Roles

Image: John Schnobrich (unsplash)

Recent findings indicate that only 14% of CISOs demonstrate the characteristics necessary for board roles in cybersecurity. The collaborative research, titled CISO as Board Directors – CISO Board Readiness Analysis, was conducted by entities including IANS Research, Artico Search, and The CAP Group. The study evaluated the qualifications of Chief Information Security Officers (CISOs) in the Russell 1000 Index against five crucial traits of credible contenders for board positions in cybersecurity. The results showed a mere 14% of R1000 CISOs as potential board director candidates.

Anticipated changes to SEC rules may require public firms to explicitly disclose the extent of cybersecurity expertise on their boards. However, most boards currently lack an understanding of cyber matters. Recent findings by The CAP Group indicated that a staggering 90% of Russell 3000 companies don’t have a single board director well-versed in cybersecurity, highlighting a pronounced supply-side gap for cyber experts.

The CISO Board Readiness report spotlights the essential traits of credible board candidates, scrutinizes the readiness of CISOs for board roles, and offers advice for firms contemplating appointing CISOs to their boards. To establish the crucial traits for a Cyber Board Director, the research team examined the profiles of CISOs who currently hold corporate directorships. This examination led to the identification of five primary traits:

  • A lengthy tenure in Infosec
  • Proficiency in cross-functional roles
  • Proven capability to scale
  • Higher education achievements
  • Diversity

Other notable results included:

  • An estimated 6% of R1000 CISOs possessed first-hand corporate board director experience.
  • An additional 14% of R1000 CISOs represented a formidable pool of candidates for board service.
  • About half of R1000 CISOs could be considered potential candidates for board roles.
  • Of the viable CISO candidates, half were either women or individuals from underrepresented groups, offering an opportunity to introduce both diversity and cybersecurity expertise in a single candidate.