CEOs Are Accountable For Cyber Attacks

CEOs should be the ones responsible in case of a cyber-attack and a data breach in an organisation, according to a new report by Tripwire.

Asked who should be held accountable in such a scenario, 40 percent of the Infosecurity Europe 2017 attendees polled said CEOs. CISOs came second with 21 percent of answers, while 14 percent would blame the CIO.

Tripwire says CEOs should be aware of the "basic principles of security," and cites the example of former Yahoo CEO Marissa Mayer, who forfeited her cash bonus following a breach.

However, CEOs shouldn’t be the only ones holding responsibility for cyber security. "Foundational security controls should be demonstrated from the board level all the way down to the workforce," the report states.

"Accountability starts with the CEO, but information security is a shared responsibility across every function and level of an organisation," said Tim Erlin, VP at Tripwire.

"Data breaches are a problem that the board-level executives need to be responsible for addressing, which means that the CISO must be involved in those board-level discussions. The board can’t take meaningful, productive risk management action without that expertise in the room."

"Nevertheless, even the most diligent organisations are still susceptible to attack, and to human error. Businesses need to implement and maintain a core set of foundational security controls, which is a proven strategy for reducing the risk of cyber-attacks. The focus should be on a balance of tools and outcomes, and especially a balance between prevention and detection."

The report also said the Operations department struggles most with cyber-attacks, followed by finance, sales and marketing.

Beta News
