Business leaders ‘embarrassed to admit lack of cyber security knowledge’


Many business leaders are embarrassed to reveal their knowledge of cyber security is fairly basic, an expert has warned.

According to Greg Day, European chief security officer at Palo Alto Networks, company bosses have become increasingly aware of the need to fully understand the cyber threat in recent years, Computer Weekly reports.

"I have seen a significant shift in the few years with business leaders wanting to understand more so they can have confidence in what their CISO (chief information security officer) is telling them," Mr Day observed.

However, he told attendees at the Palo Alto Networks End User Cybersecurity summit in London that some company bosses are reluctant to actually speak with their CISO about cyber security.

This, he said, is partly because they are worried about revealing how little they already know on the subject.

"Despite this thirst for knowledge, many are struggling with the challenge of how to go about acquiring the knowledge they seek because they are too embarrassed to ask their CISO very basic questions," Mr Day commented.

Author and journalist Misha Glenny, another speaker at the summit, agreed that boards are often reluctant to ask what CISOs mean, as members do not "want to expose their lack of knowledge or appear stupid".

As a result, he believes every business should have a "digital interpreter" – someone who understands the technology, the security implications and the pressures on the board, and who can explain to the board "what things mean".

Mr Glenny added that having somebody communicate information in a way that boards can understand would help them recognise why "the CISO is asking for a particular investment".