Thycotic survey of global CISOs shows that board decisions about cybersecurity spending are decidedly reflexive, with the primary drivers being fear of regulatory penalties or the costs of a repeat breach.
The reasons that boards approve investments are quite different to the decision-making process undertaken by CISOs and IT decision makers themselves.