Cybersecurity is moving out of the server room and into the boardroom, according to the Financial Services Information Sharing and Analysis Center, which found that 35 percent of CISOs said employee training was a top priority for improving their organization’s security postures. “The mission-essential business aspects that end-user security awareness training is now playing in global financial organizations must be front-and-center surrounding around all data handling and incident response,” said Dan Lohrmann, chief security officer at security awareness training provider Security Mentor. “Companies can no longer just check the box when it comes to security awareness training. Effective, metrics-driven, positive security training results come from brief, frequent, and focused content that is intriguing and relevant and uses cutting-edge techniques, such as gamification, to make the lessons stick. Staff must see the relevance of what they are learning, and that happens by teaching them things they don’t already know.” The study also found that CISOs were reporting at least quarterly to executive leadership, breaking down the silos that once separated IT from other departments. These reports aim to keep top leadership and boards updated on new security threats and effective defenses.