CEOs Are Accountable For Cyber Attacks

CEOs should be the ones responsible in case of a cyber-attack and a data breach in an organisation, according to a new report by Tripwire.

Polling Infosecurity Europe 2017 attendees on who should be held accountable in such a scenario, 40 percent said CEOs. CISOs are the second in line with 21 percent of answers, while 14 percent would blame the CIO.

Tripwire says CEOs should be aware of the "basic principles of security," and remembered the example of former Yahoo CEO Marissa Mayer, who forfeited her cash bonus following a breach.

However, CEOs shouldn’t be the only ones holding responsibility for cyber security. "Foundational security controls should be demonstrated from the board level all the way down to the workforce," the report states.
"Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organisation," said Tim Erlin, VP at Tripwire.
"Data breaches are a problem that the board-level executives need to be responsible for addressing, which means that the CISO must be involved in those board-level discussions. The board can’t take meaningful, productive risk management action without that expertise in the room."
"Nevertheless, even the most diligent organisations are still susceptible to attack, and to human error. Businesses need to implement and maintain a core set of foundational security controls, which is a proven strategy for reducing the risk of cyber-attacks. The focus should be on a balance of tools and outcomes, and especially a balance between prevention and detection."

The report also said the Operations department struggles most with cyber-attacks, followed by finance, sales and marketing.

Beta News

You Might Also Read:

Cyber Security Checklist For Management (£):

 

« Top US Cyber Official Resigns
71% Of SMEs Unprepared For Cyber Risks »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Center for Internet Security (CIS)

Center for Internet Security (CIS)

CIS is a nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

SecureBrain

SecureBrain

SecureBrain software and services help protect against Japanese-specific cybercrime and global internet security threats such as online fraud, phishing, drive-by downloads and malware attacks.

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMi Level 3 certified Global Consulting and IT Security Services company.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER) conducts full spectrum military cyberspace operations in order to enable freedom of action in cyberspace and deny the same to the adversary.

Buguard

Buguard

Buguard is a multi-award-winning supplier of Application Security Assessments and GRC services.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.