My first thoughts automatically go to the Board, and this is where the professional diversity of the Board really matters. Most have law, finance, operations, and HR areas covered. In my experience, or at least in my area, Boards lack the diversity of having someone who has had experience in IT/Cyber.
At this point, the Board can ask the correct questions and possibly help guide the Org. in the right direction in this area. This top-down approach is more effective than the CISO trying to advocate for a direct reporting line to the CEO, especially if the CIO has trouble letting go of power.