Cybersecurity Is No Longer The Sole Responsibility Of IT Specialists 

Uploaded on 2023-03-14 in NEWS-Cybersecurity News, FREE TO VIEW

While cybersecurity used to be a topic and responsibility reserved only for the IT team, we’re seeing the industry shift to a mindset of collective resilience. One where the entire company has a role to play when it comes to cybersecurity and the weight of cyber risk or even a data breach doesn’t rest solely on the shoulders of the CISO

While there’s still a lot to be done, there are positive steps being made towards more cross-industry collaboration, less pressure on the role of the CISO, and an opportunity not only for cybersecurity vendors to increase their business, but also for employees across the globe to gain a better understanding and appreciation for the importance of cybersecurity.

Rebalancing Responsibility 

Given the rising frequency of cyber-attacks around the globe, it’s not surprising to see a move to strengthen overall resilience. Cybersecurity is relevant to all industries, all businesses and all job roles, so business-wide resilience has to be a top priority. Despite challenges, the private and public sector are working to spread the burden of cybersecurity, both through education and awareness, as well as regulations and policies.  

The latest example of this is the new US National Cybersecurity Strategy from the Biden-Harris Administration, which plans to focus on “rebalancing the responsibility to defend cyberspace” and taking the burden away from individuals and small businesses. Although the implementation of these plans is not yet clear and there’s no certainty on what will change, the release of the strategy has prompted discussion around how to handle liability when it comes to a cyberattack. 

Preventing Burnout

It’s well-known in the industry that CISOs are among those with the most high pressure jobs, and that the result often leads to burnout. A 2022 survey highlighted stress and burnout as the most significant personal risks CISOs are facing in their role. 

Whilst CISOs will always have a responsibility for the cybersecurity of their business, organisations are engaging in cybersecurity more on the whole meaning there’s better understanding from the C-Level - with Accenture’s latest State of Cybersecurity report stating that 70% of organisations include cybersecurity as an item for discussion in every board meeting - as well as employees across all departments. 

The relationship between the CISO and the Board and leadership team impacts the overall approach to cybersecurity from the entire company. For example, the same Accenture report noted that CISOs in a group dubbed “Cyber Champions” were more likely to report to the CEO and the Board as well as have a far closer relationship with the CFO. What’s more, when it comes to budget authorisation, only 19% of those “Cyber Champions” had their budgets authorised by the CEO or the Board, meaning the majority had autonomy over what they spend their budget on. 

With increased recognition that cybersecurity is not the sole responsibility of one person or one team, we’ll hopefully continue to see the burden on CISOs reduced as well as more involvement and ownership from other senior leaders. 

The Opportunity For The Industry

As we see more businesses take note of cybersecurity, it’s likely there’ll also be a broader impact on other businesses in the market, including vendors. 

With the current economic and cost of living crisis, purse strings are being tightened across organisations, however with awareness of the impact a cyber-attack or data breach can have on a business, and the relationship between CISOs and the C-Level getting stronger, it’s likely we’ll see more budget going towards cybersecurity solutions, with an emphasis on those that augment the job of the security team, as well as those that educate the wider business. 

On the whole, a continued path to collective resilience spreading responsibility for cybersecurity is a positive sign for the industry. However, as hackers become evermore sophisticated and the frequency of cyber-attacks continues, it’ll be vital that cyber strategies remain agile and continue to adapt to an ever-changing threat landscape and that everybody knows what role to play.

Emily Quick is  Account Director and cybersecurity specialist at The PHA Group

You Might Also Read: 

Wanted - A New Generation Of Cyber Security Leaders:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransomware Gang Claims Responsibility For The Attack On Oakland
A 'Golden Pipeline' To Secure The Supply Chain »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

Torq

Torq

Torq's no-code automation modernizes how security & operations teams work with easy workflow building, limitless integrations and numerous pre-built templates.

IDECSI

IDECSI

IDECSI delivers cutting-edge technology and engages all employees in the security system for effective and cost-efficient data protection.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

Zafran

Zafran

Zafran is a Risk & Mitigation Platform that defuses threat exploitation by mobilizing existing security tools.

Cytacs

Cytacs

Cytacs is the AI-powered cyber security platform specifically designed for small and medium-scale enterprises.

ShieldHaus

ShieldHaus

Protect your business from evolving cyber threats with ShieldHaus. Our real-time, AI-powered security solutions block malicious IPs, phishing attempts, and harmful domains to safeguard your systems an