It’s a similar story in Australia where the chairman of the country’s corporate regulator, Australian Securities and Investments Commission, Joe Longo, previously stated he wants to hold cyber executives and boards accountable for not taking sufficient steps to protect customers and infrastructure from hackers if a company is compromised. 

Bob Zukis, CEO and founder of Digital Directors Network, believes a good way to scope out a company’s stance and approach on cybersecurity is to look at the board and what their level of cyber expertise is like, including whether a cyber expert is on the board. “Does the board have cyber expertise? Who governs cybersecurity at the board level and is making sure [the CISO] is not being set up inadvertently or overtly to be the fall person. If you don’t have a board or a leadership team that has your back on these issues, then you’ll be going it alone,” he says, adding his advice would be to “run from a board that doesn’t have cyber expertise on it.”

Zukis believes that in some ways, companies these days have to sell themselves much harder to get a CISO through the door. “Good CISOs have more than their fair share of opportunities, and so I think the power in negotiation is on their side, given what’s at stake.”