Report: 10% of large companies do not use any cybersecurity framework

This is concerning, but not terribly surprising.  The adoption of a security framework only happens when an organization has a strong advocate on the team willing to move the process forward.  Having the right resources is almost universally a challenge for organizations and businesses, both large and small.

Government entities and regulatory bodies are starting to force the issue for many organizations in the form of audit findings and requirements.  PCI, FFIEC, HIPAA and others are asking the question and expecting an educated answer.

http://www.scmagazine.com/report-10-of-large-companies-do-not-use-any-cybersecurity-framework/article/486731/

Just 1 in 7 security chiefs report to the CEO, despite boardroom concern

I believe the statistics reflected in this article are quite accurate and reflect a fundamental challenge facing businesses today – understanding the business implications of IT Security.  Security at every level – IT, physical, cyber, financial – is a fundamental component of the business and its overall approach to risk management.

http://www.welivesecurity.com/2016/03/04/just-1-7-security-chiefs-report-ceo-despite-boardroom-concern/