75% of the CISOs surveyed report information security metrics to the board.