Only 28 percent of US enterprises say CEO and board approves acceptable level of cyber risk