“It’s often said that security is everyone’s responsibility, and academically the CISO has the authority - both are lies.” “When you dig into the details of a breach you will find warnings from the information security team well before the problem is finally exposed,” said Stephen Moore, chief security strategist at Exabeam.

A small portion of respondents surveyed believed it should be the responsibility of audit, risk or some other subgroup. This would presumably be overseen by the CTO or CISO. The survey of over 450 companies found that almost 40 per cent of executives felt that the board should oversee cyber, compared with 24 per cent who felt it should be the role of a specialised cyber committee. Ultimately, there is a huge disparity across organisations as to who should be responsible for cyber security.

Are these business-focused, cyber-savvy, “specialist-generalist” individuals in short supply? This is because the challenge of security is company-wide, but whoever is in charge of it needs specific, up-to-date cyber training. The problem is that the majority of executives around the world feel they face a “specialist-generalist” dilemma as to who leads on cyber resiliency, according to the survey from Willis Towers Watson.

Poor security practice will now inevitably lead to a breach, which will in turn cause financial loss and reputational damage. With the rise of more stringent data regulations, like GDPR and the California Consumer Privacy Act, and the widespread media coverage of data breaches, the impetus on cyber security has never been so high. It is also key that visibility across the whole organisation is achieved, by ensuring that no silos are present. Stronger communication and collaboration are needed across the various cyber security functions and practices, including between the board and the CTO or CISO.

This idea is confirmed by a global Economist Intelligence Unit survey, sponsored by Willis Towers Watson, which found that there is a variety of approaches to how leadership implements cyber resiliency across their organisations.

'Money alone won’t save a company; the organisational co-operation must match budget, otherwise security maturity and efficacy will not change'

Different organisations assign responsibility for cyber security to various roles, depending on the type of organisation, its culture and size, from the enterprise to small businesses.