Somaini called the ISA/ANSI report a "call to arms" for U.S. organizations.
"Most information security organizations struggle with implementing even the most basic solutions," Somaini said. "Most of the struggle comes from resistance within the organization."
The report recommends ways companies can deal with cyberrisk. Among the recommendations for top executives: Appoint a cyberrisk team, develop a cyberrisk management plan across all departments and develop a total cyberrisk budget.
Sign up for CIO Asia eNewsletters.