The reasons that boards approve investments are quite different to the decision-making process undertaken by CISOs and IT decision makers themselves.
Thycotic survey of global CISOs shows that board decisions about cybersecurity spending are decidedly reflexive, with the primary drivers being fear of regulatory penalties or the costs of a repeat breach.
