As high profile cyberattacks make headlines, board members and senior management of companies large and small recognize that these attacks pose real threats to their revenue and reputations. As a result, investments in information security are essential.
So it would seem that chief information security officers should have few problems convincing upper management that they need to add more staff to combat existing and emerging threats.
But that’s not always the case.